openvpn.sh implement firewall custom rules to fix dperson#176

ghsyeung · May 2, 2020 · 7130fa2 · 7130fa2
1 parent b69ff56
commit 7130fa2
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/openvpn.sh b/openvpn.sh
@@ -103,6 +103,7 @@ firewall() { local port="${1:-1194}" docker_network="$(ip -o addr show dev eth0|
         iptables -A OUTPUT -p udp -m udp --dport $port -j ACCEPT; }
     iptables -t nat -A POSTROUTING -o tap+ -j MASQUERADE
     iptables -t nat -A POSTROUTING -o tun+ -j MASQUERADE
+    [[ -r $firewall_cust ]] && . $firewall_cust
     for i in $route6 $route; do [[ -e $i ]] || touch $i; done
     [[ -s $route6 ]] && for net in $(cat $route6); do return_route6 $net; done
     [[ -s $route ]] && for net in $(cat $route); do return_route $net; done
@@ -268,6 +269,7 @@ auth="$dir/vpn.auth"
 cert_auth="$dir/vpn.cert_auth"
 conf="$dir/vpn.conf"
 cert="$dir/vpn-ca.crt"
+firewall_cust="$dir/.firewall_cust"
 route="$dir/.firewall"
 route6="$dir/.firewall6"
 export ext_args="--script-security 2 --redirect-gateway def1"