Context Navigation

learn-address.sh @ 5a444e8

Last change on this file since 5a444e8 was 5a444e8, checked in by Edwin Eefting <edwin@datux.nl>, 6 years ago
added openvpn certificate based firewalling
Property mode set to `100755`
File size: 855 bytes

Line
1	#!/bin/bash
2
3	# Openvpn iptables rules based on certificate name.
4	# (C)2018 SYN-3 edwin@datux.nl
5
6	OPERATION=$1
7	IP=$2
8	CN=$3
9
10	CHAIN="openvpn_$IP"
11
12	log()
13	{
14	logger -t learn-address "$1"
15	}
16
17	allow_tcp()
18	{
19	log "Allowing tcp to $1 port $2"
20	iptables -I $CHAIN -d $1 -p tcp --dport $2 -jACCEPT
21	}
22
23	allow_udp()
24	{
25	log "Allowing udp to $1 port $2"
26	iptables -I $CHAIN -d $1 -p udp --dport $2 -jACCEPT
27	}
28
29	# always cleanup first (in case of openvpn issues/restarts)
30	log "Deleting $IP"
31	iptables -D FORWARD -s $IP -j $CHAIN
32	iptables -F $CHAIN
33	iptables -X $CHAIN
34
35
36	if [ "$OPERATION" == "add" ] \|\| [ "$OPERATION" == "update" ]; then
37	# add chain
38	log "Adding $IP for $CN"
39	iptables -N $CHAIN
40	iptables -I FORWARD -s $IP -j $CHAIN
41
42	# add rules
43	if [ -e /etc/openvpn/rules/$CN ]; then
44	source /etc/openvpn/rules/$CN
45	fi
46
47	fi
48
49
50	exit 0

Note: See TracBrowser for help on using the repository browser.