thomas
/
sovereign
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Browse Source

Only add iptables rules if they don't already exist

Yannik Sembritzki 8 years ago
parent
9725cdd9d8
commit
66cb39bb46
1 changed files with 4 additions and 0 deletions
Split View Show Diff Stats
  1. 4
    0
      roles/vpn/templates/rc.local_ansible_openvpn

+ 4
- 0
roles/vpn/templates/rc.local_ansible_openvpn View File 

@@ -4,9 +4,13 @@
4 4 
 # This script should be included in your rc.local
5 5 
 #
6 6
7 
+iptables -C FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT || \
7 8 
 iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
9 
+iptables -C FORWARD -s 10.8.0.0/24 -j ACCEPT || \
8 10 
 iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
11 
+iptables -C FORWARD -j REJECT || \
9 12 
 iptables -A FORWARD -j REJECT
13 
+iptables -t nat -C POSTROUTING -s 10.8.0.0/24 -o {{ ansible_default_ipv4.interface }} -j MASQUERADE || \
10 14 
 iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o {{ ansible_default_ipv4.interface }} -j MASQUERADE
11 15
12 16 
 systemctl restart dnsmasq

Write Preview
Loading…
Cancel
Save