|
|
@@ -1,13 +1,40 @@
|
|
|
#!/bin/bash
|
|
|
|
|
|
is_firewall_set() {
|
|
|
- local wired_device=$(ip route | awk '/default via/ { print $5; }')
|
|
|
-
|
|
|
ip6tables -w -nvL OUTPUT | grep vpnclient_out | grep -q "${wired_device}" \
|
|
|
&& iptables -w -nvL OUTPUT | grep vpnclient_out | grep -q "${wired_device}"
|
|
|
}
|
|
|
|
|
|
+wired_device=$(ip route | awk '/default via/ { print $5; }')
|
|
|
+
|
|
|
if is_firewall_set; then
|
|
|
rm -f /etc/yunohost/hooks.d/post_iptable_rules/90-vpnclient
|
|
|
- yunohost firewall reload >/dev/null
|
|
|
+
|
|
|
+ # IPv4
|
|
|
+
|
|
|
+ iptables -w -D OUTPUT -i "${wired_device}" -j vpnclient_in
|
|
|
+ iptables -w -D OUTPUT -o "${wired_device}" -j vpnclient_out
|
|
|
+ iptables -w -D OUTPUT -o "${wired_device}" -j vpnclient_fwd
|
|
|
+
|
|
|
+ iptables -w -F vpnclient_in
|
|
|
+ iptables -w -F vpnclient_out
|
|
|
+ iptables -w -F vpnclient_fwd
|
|
|
+
|
|
|
+ iptables -w -X vpnclient_in
|
|
|
+ iptables -w -X vpnclient_out
|
|
|
+ iptables -w -X vpnclient_fwd
|
|
|
+
|
|
|
+ # IPv6
|
|
|
+
|
|
|
+ ip6tables -w -D OUTPUT -i "${wired_device}" -j vpnclient_in
|
|
|
+ ip6tables -w -D OUTPUT -o "${wired_device}" -j vpnclient_out
|
|
|
+ ip6tables -w -D OUTPUT -o "${wired_device}" -j vpnclient_fwd
|
|
|
+
|
|
|
+ ip6tables -w -F vpnclient_in
|
|
|
+ ip6tables -w -F vpnclient_out
|
|
|
+ ip6tables -w -F vpnclient_fwd
|
|
|
+
|
|
|
+ ip6tables -w -X vpnclient_in
|
|
|
+ ip6tables -w -X vpnclient_out
|
|
|
+ ip6tables -w -X vpnclient_fwd
|
|
|
fi
|
HgO