|
Last change
on this file since 62266ed was
76ea60c,
checked in by Edwin Eefting <edwin@datux.nl>, 6 years ago
|
|
added ipset learning to openvpn, to allow firewalling based on openvpn certificate
|
-
Property mode set to
100755
|
|
File size:
596 bytes
|
| Line | |
|---|
| 1 | #!/bin/bash |
|---|
| 2 | |
|---|
| 3 | # Openvpn iptables rules based on certificate name. |
|---|
| 4 | # (C)2018 SYN-3 edwin@datux.nl |
|---|
| 5 | |
|---|
| 6 | OPERATION=$1 |
|---|
| 7 | IP=$2 |
|---|
| 8 | CN=$3 |
|---|
| 9 | |
|---|
| 10 | |
|---|
| 11 | log() |
|---|
| 12 | { |
|---|
| 13 | logger -t openvpn-update-ipset "$1" |
|---|
| 14 | } |
|---|
| 15 | |
|---|
| 16 | # always make sure the ip doesnt exist in other sets (in case of bugs/openvpn restarts) |
|---|
| 17 | log "Deleting $IP from all ipsets" |
|---|
| 18 | for SET in `ipset list -n|grep ^openvpn_cert_`; do ipset del $SET $IP; done |
|---|
| 19 | |
|---|
| 20 | |
|---|
| 21 | if [ "$OPERATION" == "add" ] || [ "$OPERATION" == "update" ]; then |
|---|
| 22 | # add chain |
|---|
| 23 | log "Adding $IP to ipset openvpn_cert_$CN" |
|---|
| 24 | ipset create openvpn_cert_$CN hash:ip |
|---|
| 25 | ipset add openvpn_cert_$CN $IP |
|---|
| 26 | fi |
|---|
| 27 | |
|---|
| 28 | |
|---|
| 29 | exit 0 |
|---|
Note: See
TracBrowser
for help on using the repository browser.
