
Replace Moulinette error by warning

Julien Vaubourg 9 years ago
parent
commit
abcddf3634
3 changed files with 15 additions and 2 deletions
  1. 12 0
      conf/hook_post-iptable-rules
  2. 2 0
      conf/ynh-vpnclient
  3. 1 2
      scripts/prerequisites

+ 12 - 0
conf/hook_post-iptable-rules

@@ -19,6 +19,12 @@ if [ ! -z "${host6}" ]; then
   sudo ip6tables -A vpnclient_out -d ${host6} -p <TPL:PROTO> --dport <TPL:SERVER_PORT> -j ACCEPT
 fi
 
+for i in <TPL:DNS0> <TPL:DNS1>; do
+  if [[ "${i}" =~ : ]]; then
+    sudo ip6tables -A vpnclient_out -p udp -d "${i}" --dport 53 -j ACCEPT
+  fi
+done
+
 sudo ip6tables -A vpnclient_out -d fd00::/8,fe80::/10 -j ACCEPT
 sudo ip6tables -A vpnclient_out -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 sudo ip6tables -A vpnclient_out -j DROP
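Review bot: The rule added inside `for i in <TPL:DNS0> <TPL:DNS1>` accepts only `-p udp --dport 53`, so a resolver query that falls back to TCP (truncated or large answers, for instance with DNSSEC) still reaches the `-j DROP` that closes `vpnclient_out`, unless the resolver happens to sit in one of the ranges accepted just below. Add a matching TCP rule next to the UDP one, `sudo ip6tables -A vpnclient_out -p tcp -d "${i}" --dport 53 -j ACCEPT`, and do the same with `iptables` in the IPv4 loop of the second hunk. The `=~ :` and `=~ \.` tests only sort the value into an address family and do not check that it is an address, so a short comment saying validation is expected to happen before the template is filled would help the next reader.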
@@ -45,6 +51,12 @@ if [ ! -z "${host4}" ]; then
   sudo iptables -A vpnclient_out -d ${host4} -p <TPL:PROTO> --dport <TPL:SERVER_PORT> -j ACCEPT
 fi
 
+for i in <TPL:DNS0> <TPL:DNS1>; do
+  if [[ "${i}" =~ \. ]]; then
+    sudo iptables -A vpnclient_out -p udp -d "${i}" --dport 53 -j ACCEPT
+  fi
+done
+
 sudo iptables -A vpnclient_out -d 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,169.254.0.0/16 -j ACCEPT
 sudo iptables -A vpnclient_out -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 sudo iptables -A vpnclient_out -j DROP

+ 2 - 0
conf/ynh-vpnclient

@@ -89,6 +89,8 @@ set_firewall() {
   sed "s|<TPL:SERVER_PORT>|${ynh_server_port}|g" -i /etc/yunohost/hooks.d/post_iptable_rules/90-vpnclient
   sed "s|<TPL:PROTO>|${ynh_server_proto}|g" -i /etc/yunohost/hooks.d/post_iptable_rules/90-vpnclient
   sed "s|<TPL:WIRED_DEVICE>|${wired_device}|g" -i /etc/yunohost/hooks.d/post_iptable_rules/90-vpnclient
+  sed "s|<TPL:DNS0>|${ynh_dns0}|g" -i /etc/yunohost/hooks.d/post_iptable_rules/90-vpnclient
+  sed "s|<TPL:DNS1>|${ynh_dns1}|g" -i /etc/yunohost/hooks.d/post_iptable_rules/90-vpnclient
 
   yunohost firewall reload
 }
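Review bot: `${ynh_dns0}` and `${ynh_dns1}` are substituted into the hook by the two new `sed "s|<TPL:DNS…>|…|g"` lines without any check, and in the generated hook they land unquoted in the word list of `for i in <TPL:DNS0> <TPL:DNS1>`, in a script whose commands run under sudo. Where these settings originate is not visible in this hunk, but a value containing `|`, `&`, whitespace or shell metacharacters would either break the sed expression or change what the hook executes. Reject anything that is not an address literal before the substitutions, for example `[[ "${ynh_dns0}" =~ ^[0-9A-Fa-f:.]+$ ]] || return 1` (and the same for `ynh_dns1`), relaxed to permit an empty value if the second resolver is optional and assuming this script runs under bash. `set_firewall` starts above the hunk, so the right place for the check relative to the other substitutions is not visible here.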

+ 1 - 2
scripts/prerequisites

@@ -4,6 +4,5 @@
 ynh_moulinette_version=$(sudo dpkg -l moulinette-yunohost | grep ii | awk '{ print $3 }' | sed 's/\.//g')
 
 if [ "${ynh_moulinette_version}" -lt 240 ]; then
-  echo "ERROR: You need a YunoHost-Moulinette version equals or greater than 2.4.0" >&2
-  exit 1
+  echo "WARN: You need a YunoHost-Moulinette version equals or greater than 2.4.0 for activating the firewalling" >&2
 fi
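Review bot: The check `[ "${ynh_moulinette_version}" -lt 240 ]` compares a dot-stripped version string as an integer, so a version such as 2.3.10 becomes 2310 and passes as newer than 2.4.0, and an empty result from the `dpkg -l` pipeline makes `[` fail with a non-integer error so the branch is skipped silently. Since this commit removes the `exit 1`, the warning is now the only signal that the firewall hook will not be active, which presumably means the `vpnclient_out` restrictions are not applied on such hosts. Keep the dotted version (drop the trailing `sed 's/\.//g'`) and compare with `if dpkg --compare-versions "${ynh_moulinette_version}" lt 2.4.0; then`, treating an empty version as the warning case as well. It would also help to state the consequence in the message, for example that outgoing traffic is not restricted to the VPN until Moulinette is upgraded.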