Home Explore Help
Sign In
labriqueinternet
/
vpnclient_ynh
mirror of https://github.com/labriqueinternet/vpnclient_ynh
3
0
Fork 0
Files
Browse Source

We don't need no sudo

Alexandre Aubin 3 years ago
parent
31069d1cb0
commit
21ca164d93
1 changed files with 38 additions and 38 deletions
Split View Show Diff Stats
  1. 38 38
      conf/hook_post-iptable-rules

+ 38 - 38
conf/hook_post-iptable-rules
View File 

@@ -18,76 +18,76 @@ dns=$(grep -o -P '\s*nameserver\s+\K[ABCDEFabcdef\d.:]+' /etc/resolv.dnsmasq.con
 
 
 # IPv6
 
 
-sudo ip6tables -w -N vpnclient_in
 
-sudo ip6tables -w -N vpnclient_out
 
-sudo ip6tables -w -N vpnclient_fwd
 
+ip6tables -w -N vpnclient_in
 
+ip6tables -w -N vpnclient_out
 
+ip6tables -w -N vpnclient_fwd
 
 
-sudo ip6tables -w -A vpnclient_in -p icmpv6 -j ACCEPT
 
-sudo ip6tables -w -A vpnclient_in -s fd00::/8,fe80::/10 -j ACCEPT
 
-sudo ip6tables -w -A vpnclient_in -p tcp --dport 22 -j ACCEPT
 
-sudo ip6tables -w -A vpnclient_in -p tcp --dport 443 -j ACCEPT
 
-sudo ip6tables -w -A vpnclient_in -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 
-sudo ip6tables -w -A vpnclient_in -j DROP
 
+ip6tables -w -A vpnclient_in -p icmpv6 -j ACCEPT
 
+ip6tables -w -A vpnclient_in -s fd00::/8,fe80::/10 -j ACCEPT
 
+ip6tables -w -A vpnclient_in -p tcp --dport 22 -j ACCEPT
 
+ip6tables -w -A vpnclient_in -p tcp --dport 443 -j ACCEPT
 
+ip6tables -w -A vpnclient_in -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 
+ip6tables -w -A vpnclient_in -j DROP
 
 
 if [ ! -z "${host6}" ]; then
 
   for i in ${host6}; do
 
-    sudo ip6tables -w -A vpnclient_out -d "${i}" -j ACCEPT
 
+    ip6tables -w -A vpnclient_out -d "${i}" -j ACCEPT
 
   done
 
 fi
 
 
 for i in ${dns};
 
 do
 
   if [[ "${i}" =~ : ]]; then
 
-    sudo ip6tables -w -A vpnclient_out -p udp -d "${i}" --dport 53 -j ACCEPT
 
+    ip6tables -w -A vpnclient_out -p udp -d "${i}" --dport 53 -j ACCEPT
 
   fi
 
 done
 
 
-sudo ip6tables -w -A vpnclient_out -d fd00::/8,fe80::/10 -j ACCEPT
 
-sudo ip6tables -w -A vpnclient_out -p udp --dport 5353 -d ff02::fb -j ACCEPT
 
-sudo ip6tables -w -A vpnclient_out -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 
-sudo ip6tables -w -A vpnclient_out -j DROP
 
+ip6tables -w -A vpnclient_out -d fd00::/8,fe80::/10 -j ACCEPT
 
+ip6tables -w -A vpnclient_out -p udp --dport 5353 -d ff02::fb -j ACCEPT
 
+ip6tables -w -A vpnclient_out -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 
+ip6tables -w -A vpnclient_out -j DROP
 
 
-sudo ip6tables -w -A vpnclient_fwd -j DROP
 
+ip6tables -w -A vpnclient_fwd -j DROP
 
 
-sudo ip6tables -w -I INPUT 1 -i $interface -j vpnclient_in
 
-sudo ip6tables -w -I OUTPUT 1 -o $interface -j vpnclient_out
 
-sudo ip6tables -w -I FORWARD 1 -o $interface -j vpnclient_fwd
 
+ip6tables -w -I INPUT 1 -i $interface -j vpnclient_in
 
+ip6tables -w -I OUTPUT 1 -o $interface -j vpnclient_out
 
+ip6tables -w -I FORWARD 1 -o $interface -j vpnclient_fwd
 
 
 # IPv4
 
 
-sudo iptables -w -N vpnclient_in
 
-sudo iptables -w -N vpnclient_out
 
-sudo iptables -w -N vpnclient_fwd
 
+iptables -w -N vpnclient_in
 
+iptables -w -N vpnclient_out
 
+iptables -w -N vpnclient_fwd
 
 
-sudo iptables -w -A vpnclient_in -p icmp -j ACCEPT
 
-sudo iptables -w -A vpnclient_in -s 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,169.254.0.0/16 -j ACCEPT
 
-sudo iptables -w -A vpnclient_in -p tcp --dport 22 -j ACCEPT
 
-sudo iptables -w -A vpnclient_in -p tcp --dport 443 -j ACCEPT
 
-sudo iptables -w -A vpnclient_in -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 
-sudo iptables -w -A vpnclient_in -j DROP
 
+iptables -w -A vpnclient_in -p icmp -j ACCEPT
 
+iptables -w -A vpnclient_in -s 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,169.254.0.0/16 -j ACCEPT
 
+iptables -w -A vpnclient_in -p tcp --dport 22 -j ACCEPT
 
+iptables -w -A vpnclient_in -p tcp --dport 443 -j ACCEPT
 
+iptables -w -A vpnclient_in -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 
+iptables -w -A vpnclient_in -j DROP
 
 
 if [ ! -z "${host4}" ]; then
 
   for i in ${host4}; do
 
-    sudo iptables -w -A vpnclient_out -d "${i}" -j ACCEPT
 
+    iptables -w -A vpnclient_out -d "${i}" -j ACCEPT
 
   done
 
 fi
 
 
 for i in ${dns};
 
 do
 
   if [[ "${i}" =~ \. ]]; then
 
-    sudo iptables -w -A vpnclient_out -p udp -d "${i}" --dport 53 -j ACCEPT
 
+    iptables -w -A vpnclient_out -p udp -d "${i}" --dport 53 -j ACCEPT
 
   fi
 
 done
 
 
-sudo iptables -w -A vpnclient_out -d 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,169.254.0.0/16 -j ACCEPT
 
-sudo iptables -w -A vpnclient_out -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
 
-sudo iptables -w -A vpnclient_out -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 
-sudo iptables -w -A vpnclient_out -j DROP
 
+iptables -w -A vpnclient_out -d 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,169.254.0.0/16 -j ACCEPT
 
+iptables -w -A vpnclient_out -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
 
+iptables -w -A vpnclient_out -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 
+iptables -w -A vpnclient_out -j DROP
 
 
-sudo iptables -w -A vpnclient_fwd -j DROP
 
+iptables -w -A vpnclient_fwd -j DROP
 
 
-sudo iptables -w -I INPUT 1 -i $interface -j vpnclient_in
 
-sudo iptables -w -I OUTPUT 1 -o $interface -j vpnclient_out
 
-sudo iptables -w -I FORWARD 1 -o  $interface -j vpnclient_fwd
 
+iptables -w -I INPUT 1 -i $interface -j vpnclient_in
 
+iptables -w -I OUTPUT 1 -o $interface -j vpnclient_out
 
+iptables -w -I FORWARD 1 -o  $interface -j vpnclient_fwd
 
 
 exit 0