rework mod for tcp-client to tcp

pull/23/merge
binhex 4 years ago
parent 4fde9d5b17
commit fe31225094

@ -1,10 +1,5 @@
#!/bin/bash #!/bin/bash
# change openvpn config 'tcp-client' to compatible iptables 'tcp'
if [[ "${VPN_PROTOCOL}" == "tcp-client" ]]; then
export VPN_PROTOCOL="tcp"
fi
# identify docker bridge interface name by looking at routing to # identify docker bridge interface name by looking at routing to
# vpn provider remote endpoint (first ip address from name # vpn provider remote endpoint (first ip address from name
# lookup in /root/start.sh) # lookup in /root/start.sh)
@ -94,15 +89,21 @@ iptables -A INPUT -s "${docker_network_cidr}" -d "${docker_network_cidr}" -j ACC
# iterate over array and add all remote vpn ports and protocols # iterate over array and add all remote vpn ports and protocols
for index in "${!vpn_remote_port_list[@]}"; do for index in "${!vpn_remote_port_list[@]}"; do
# change openvpn config 'tcp-client' to compatible iptables 'tcp'
if [[ "${vpn_remote_protocol_list[$index]}" == "tcp-client" ]]; then
vpn_remote_protocol_list="tcp"
else
vpn_remote_protocol_list="${vpn_remote_protocol_list[$index]}"
fi
# note grep -e is required to indicate no flags follow to prevent -A from being incorrectly picked up # note grep -e is required to indicate no flags follow to prevent -A from being incorrectly picked up
rule_exists=$(iptables -S | grep -e "-A INPUT -i "${docker_interface}" -p "${vpn_remote_protocol_list[$index]}" -m "${vpn_remote_protocol_list[$index]}" --sport "${vpn_remote_port_list[$index]}" -j ACCEPT") rule_exists=$(iptables -S | grep -e "-A INPUT -i "${docker_interface}" -p "${vpn_remote_protocol_list}" -m "${vpn_remote_protocol_list}" --sport "${vpn_remote_port_list[$index]}" -j ACCEPT")
if [[ -z "${rule_exists}" ]]; then if [[ -z "${rule_exists}" ]]; then
# accept input to vpn gateway # accept input to vpn gateway
iptables -A INPUT -i "${docker_interface}" -p "${vpn_remote_protocol_list[$index]}" --sport "${vpn_remote_port_list[$index]}" -j ACCEPT iptables -A INPUT -i "${docker_interface}" -p "${vpn_remote_protocol_list}" --sport "${vpn_remote_port_list[$index]}" -j ACCEPT
fi fi
done done
# accept input to qbittorrent port WEBUI_PORT # accept input to qbittorrent port WEBUI_PORT
iptables -A INPUT -i "${docker_interface}" -p tcp --dport "${WEBUI_PORT}" -j ACCEPT iptables -A INPUT -i "${docker_interface}" -p tcp --dport "${WEBUI_PORT}" -j ACCEPT
iptables -A INPUT -i "${docker_interface}" -p tcp --sport "${WEBUI_PORT}" -j ACCEPT iptables -A INPUT -i "${docker_interface}" -p tcp --sport "${WEBUI_PORT}" -j ACCEPT
@ -178,11 +179,18 @@ iptables -A OUTPUT -s "${docker_network_cidr}" -d "${docker_network_cidr}" -j AC
# iterate over array and add all remote vpn ports and protocols # iterate over array and add all remote vpn ports and protocols
for index in "${!vpn_remote_port_list[@]}"; do for index in "${!vpn_remote_port_list[@]}"; do
# change openvpn config 'tcp-client' to compatible iptables 'tcp'
if [[ "${vpn_remote_protocol_list[$index]}" == "tcp-client" ]]; then
vpn_remote_protocol_list="tcp"
else
vpn_remote_protocol_list="${vpn_remote_protocol_list[$index]}"
fi
# note grep -e is required to indicate no flags follow to prevent -A from being incorrectly picked up # note grep -e is required to indicate no flags follow to prevent -A from being incorrectly picked up
rule_exists=$(iptables -S | grep -e "-A OUTPUT -o "${docker_interface}" -p "${vpn_remote_protocol_list[$index]}" -m "${vpn_remote_protocol_list[$index]}" --dport "${vpn_remote_port_list[$index]}" -j ACCEPT") rule_exists=$(iptables -S | grep -e "-A OUTPUT -o "${docker_interface}" -p "${vpn_remote_protocol_list}" -m "${vpn_remote_protocol_list}" --dport "${vpn_remote_port_list[$index]}" -j ACCEPT")
if [[ -z "${rule_exists}" ]]; then if [[ -z "${rule_exists}" ]]; then
# accept output from vpn gateway # accept output from vpn gateway
iptables -A OUTPUT -o "${docker_interface}" -p "${vpn_remote_protocol_list[$index]}" --dport "${vpn_remote_port_list[$index]}" -j ACCEPT iptables -A OUTPUT -o "${docker_interface}" -p "${vpn_remote_protocol_list}" --dport "${vpn_remote_port_list[$index]}" -j ACCEPT
fi fi
done done
@ -252,8 +260,3 @@ echo "--------------------"
iptables -S 2>&1 | tee /tmp/getiptables iptables -S 2>&1 | tee /tmp/getiptables
chmod +r /tmp/getiptables chmod +r /tmp/getiptables
echo "--------------------" echo "--------------------"
# change iptable 'tcp' to openvpn config compatible 'tcp-client' (this file is sourced)
if [[ "${VPN_PROTOCOL}" == "tcp" ]]; then
export VPN_PROTOCOL="tcp-client"
fi
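Review bot: In the new `if` block at the top of the INPUT loop, `vpn_remote_protocol_list="tcp"` (and the `else` branch) assigns to the array's bare name, which in bash writes element 0 of `vpn_remote_protocol_list`, so every iteration overwrites the first entry of the very array that the OUTPUT loop later iterates again; with endpoints using mixed protocols the OUTPUT rule for index 0 is built from whichever protocol the INPUT loop wrote last, and if the file is sourced as the removed trailing comment states, the clobbered array also leaks back to the caller. The identical pattern appears in the OUTPUT loop hunk and should be fixed there the same way. A separate per-iteration scalar keeps the array intact and makes the later `"${vpn_remote_protocol_list}"` reads explicit about what they hold. Both loops start and end inside their hunks, but the rest of the script is outside them.
```shell
for index in "${!vpn_remote_port_list[@]}"; do
  # map openvpn's 'tcp-client' onto the iptables protocol name 'tcp' in a
  # scalar so the array itself (re-read by the OUTPUT loop) is left untouched
  vpn_remote_protocol="${vpn_remote_protocol_list[$index]}"
  if [[ "${vpn_remote_protocol}" == "tcp-client" ]]; then
    vpn_remote_protocol="tcp"
  fi
  # … unchanged: grep -e comment …
  rule_exists=$(iptables -S | grep -e "-A INPUT -i "${docker_interface}" -p "${vpn_remote_protocol}" -m "${vpn_remote_protocol}" --sport "${vpn_remote_port_list[$index]}" -j ACCEPT")
  if [[ -z "${rule_exists}" ]]; then
    iptables -A INPUT -i "${docker_interface}" -p "${vpn_remote_protocol}" --sport "${vpn_remote_port_list[$index]}" -j ACCEPT
  fi
done
```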
