#!/bin/bash
# clear all the existing rules
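#######################################
# Tear down the firewall state a previous run left behind.
# Removes the openvpn service from firewalld's runtime set while the daemon is
# still reachable, then stops firewalld and flushes every iptables chain.
# Globals:   none
# Arguments: none
# Outputs:   diagnostics from systemctl/firewall-cmd/iptables on their stderr
# Returns:   status of the last iptables call
#######################################
clear_existing_rules() {
  # firewall-cmd talks to the running daemon. The original issued this delete
  # after `systemctl stop`, when it could no longer take effect, so it is now
  # ordered before the stop.
  firewall-cmd --delete-service=openvpn
  systemctl stop firewalld.service
  # With no chain named, -F/-X/-Z act on every chain of the filter table; until
  # rules are re-added the host is governed only by the chains' default policies.
  iptables -F
  iptables -X
  iptables -Z
}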
# start firewalld.service and re-allow the openvpn service
# Bring firewalld back up and re-allow the openvpn service in its runtime set.
# Globals:   none
# Arguments: none
# Returns:   status of firewall-cmd
start_firewalld_add_basic_rule() {
  systemctl start firewalld.service
  firewall-cmd --add-service=openvpn
}
# convert a dotted-quad netmask to a prefix-length number
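#######################################
# Convert a dotted-quad netmask to a prefix length and build "subnet/prefix".
# Implemented with shell arithmetic so the script no longer depends on
# ipcalc(1); the original shelled out to `ipcalc -p`, whose flags differ
# between implementations, and silently produced "subnet/" when that failed.
# Globals:   subnet, ip_netmask, number_netmask, subnet_with_mask (written)
# Arguments: $1 - network address, e.g. 10.8.0.0 (constructed example)
#            $2 - dotted-quad netmask, e.g. 255.255.255.0
# Outputs:   error text to stderr on a malformed netmask
# Returns:   0 on success; 1 if $2 is not a contiguous dotted-quad netmask,
#            in which case number_netmask and subnet_with_mask stay empty
#######################################
convert_netmaks_to_number() {
  subnet=$1
  ip_netmask=$2
  number_netmask=
  subnet_with_mask=
  local -a octets=()
  local octet bit prefix=0 zero_seen=0
  IFS=. read -r -a octets <<<"${ip_netmask}"
  if (( ${#octets[@]} != 4 )); then
    printf 'convert_netmaks_to_number: bad netmask "%s"\n' "${ip_netmask}" >&2
    return 1
  fi
  for octet in "${octets[@]}"; do
    # 10# forces decimal so a leading zero is not read as octal.
    if [[ ! "${octet}" =~ ^[0-9]{1,3}$ ]] || (( 10#${octet} > 255 )); then
      printf 'convert_netmaks_to_number: bad netmask "%s"\n' "${ip_netmask}" >&2
      return 1
    fi
    # Walk the octet from its high bit down; once a 0 bit has been seen no
    # further 1 bit may follow, otherwise the mask is not contiguous.
    for (( bit = 7; bit >= 0; bit-- )); do
      if (( (10#${octet} >> bit) & 1 )); then
        if (( zero_seen )); then
          printf 'convert_netmaks_to_number: non-contiguous netmask "%s"\n' \
            "${ip_netmask}" >&2
          return 1
        fi
        prefix=$(( prefix + 1 ))
      else
        zero_seen=1
      fi
    done
  done
  number_netmask=${prefix}
  subnet_with_mask="${subnet}/${number_netmask}"
}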
# get VPN subnet
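#######################################
# Read the VPN network from the OpenVPN server config and derive subnet/prefix.
# Comment lines (#, ;) and blank lines are ignored, as before. For "dev tun*"
# the network comes from the `server` directive; for "dev tap*" from
# `server-bridge`, whose second field is the bridge gateway address — the
# original used that field as the subnet base and this keeps doing so.
# Globals:   config_file (read); subnet, netmask (written);
#            subnet_with_mask via convert_netmaks_to_number
# Arguments: none
# Outputs:   error text to stderr when no usable dev line is found
# Returns:   1 if the dev type is neither tun* nor tap*, otherwise the status
#            of convert_netmaks_to_number
#######################################
get_vpn_subnet_with_mask() {
  local dev_type directive
  subnet=
  netmask=
  # One awk pass replaces egrep|grep|awk, and matches the first field exactly,
  # so a `dev-node` line no longer satisfies the `dev` lookup.
  dev_type=$(awk '!/^#|^ *$|^;/ && $1 == "dev" { print $2; exit }' "${config_file}")
  case "${dev_type}" in
    tun*) directive=server ;;        # original accepted only the literal "tun"
    tap*) directive=server-bridge ;; # original accepted only the literal "tap0"
    *)
      printf 'get_vpn_subnet_with_mask: unsupported or missing dev type "%s" in %s\n' \
        "${dev_type}" "${config_file}" >&2
      return 1
      ;;
  esac
  # Exact match again: `grep "^server"` also matched server-bridge / server-ipv6
  # lines, and printed a field for every match instead of just the first.
  read -r subnet netmask <<<"$(awk -v key="${directive}" \
    '!/^#|^ *$|^;/ && $1 == key { print $2, $3; exit }' "${config_file}")"
  convert_netmaks_to_number "${subnet}" "${netmask}"
}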
# add additional firewall rules
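#######################################
# Add the NAT rule that masquerades VPN client traffic leaving the server.
# Globals:   none (the original assigned the global subnet_with_mask from $1;
#            it is now a local, so the value computed earlier is not clobbered)
# Arguments: $1 - source network in CIDR form, e.g. 10.8.0.0/24 (constructed)
#            $2 - outgoing interface (optional, defaults to eth1 as before)
# Outputs:   progress lines appended to /var/log/openvpn.log
# Returns:   1 if $1 is empty, otherwise the status of firewall-cmd
#######################################
add_additional_firewall_rules() {
  local cidr=$1
  local out_if=${2:-eth1}
  local -r log=/var/log/openvpn.log
  local rc
  # An empty $1 would have produced `-s -o eth1`, i.e. a rule for the wrong
  # source; refuse instead.
  if [[ -z "${cidr}" ]]; then
    printf 'add_additional_firewall_rules: missing subnet/prefix argument\n' >&2
    return 1
  fi
  local -a rule=(--direct --passthrough ipv4 -t nat -A POSTROUTING
    -s "${cidr}" -o "${out_if}" -j MASQUERADE)
  printf '%s\n' "adding iptables rule started" >> "${log}"
  printf 'firewall-cmd %s\n' "${rule[*]}" >> "${log}"
  # The original also ran `iptables -F/-X/-Z` here, right after
  # start_firewalld_add_basic_rule brought firewalld up. clear_existing_rules
  # already flushed everything before the restart, and repeating it at this
  # point discards whatever firewalld installed on start (if it drives an
  # iptables backend) while firewalld still reports the openvpn service as
  # allowed, so the flush is not repeated.
  firewall-cmd "${rule[@]}"
  rc=$?
  printf '%s\n' "adding iptables rule finished" >> "${log}"
  return "${rc}"
}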
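# Entry point. Usage: <script> <openvpn-server-config>
# The config path is the only input and is read by get_vpn_subnet_with_mask.
config_file=${1:?usage: ${0##*/} <openvpn-server-config>}
if [[ ! -r "${config_file}" ]]; then
  printf '%s: cannot read config file %s\n' "${0##*/}" "${config_file}" >&2
  exit 1
fi
clear_existing_rules
start_firewalld_add_basic_rule
get_vpn_subnet_with_mask
# Do not touch NAT unless a plausible "a.b.c.d/n" was derived: the original
# passed whatever came out of the parsers straight into `firewall-cmd -s`,
# including "subnet/" when the prefix lookup failed.
if [[ ! "${subnet_with_mask}" =~ ^[0-9.]+/[0-9]+$ ]]; then
  printf '%s: could not determine VPN subnet from %s (got "%s")\n' \
    "${0##*/}" "${config_file}" "${subnet_with_mask}" >&2
  exit 1
fi
add_additional_firewall_rules "${subnet_with_mask}"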