Nanako/DHDAXCW-Rockchip-OpenWrt
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

luci-app-openvpn-server: avoid repeated forwarding rules (#4558)

Browse Source 
Fix the bug that flashing firmware multiple times will cause repeated forwarding rules in firewall.
This commit is contained in:
HiGarfield 2020-05-08 20:43:27 +08:00 committed by GitHub
parent 585ca34a6b
commit 82792a1d11
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 39 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

68
package/lean/luci-app-openvpn-server/root/etc/uci-defaults/openvpn
View File

@ -1,41 +1,49 @@
#!/bin/sh #!/bin/sh
uci -q batch <<-EOF >/dev/null uci -q batch <<-EOF >/dev/null
set network.vpn0="interface" delete network.vpn0
set network.vpn0.ifname="tun0" set network.vpn0=interface
set network.vpn0.proto="none" set network.vpn0.ifname='tun0'
set network.vpn0.proto='none'
commit network commit network
delete firewall.vpn
delete firewall.vpnwan
delete firewall.vpnlan
delete firewall.openvpn delete firewall.openvpn
add firewall rule set firewall.openvpn=rule
rename firewall.@rule[-1]="openvpn" set firewall.openvpn.name='openvpn'
set firewall.@rule[-1].name="openvpn" set firewall.openvpn.target='ACCEPT'
set firewall.@rule[-1].target="ACCEPT" set firewall.openvpn.src='wan'
set firewall.@rule[-1].src="wan" set firewall.openvpn.proto='tcp udp'
set firewall.@rule[-1].proto="tcp udp" set firewall.openvpn.dest_port='1194'
set firewall.@rule[-1].dest_port="1194"
add firewall zone delete firewall.vpn
rename firewall.@zone[-1]="vpn" set firewall.vpn=zone
set firewall.@zone[-1].name="vpn" set firewall.vpn.name='vpn'
set firewall.@zone[-1].input="ACCEPT" set firewall.vpn.input='ACCEPT'
set firewall.@zone[-1].forward="ACCEPT" set firewall.vpn.forward='ACCEPT'
set firewall.@zone[-1].output="ACCEPT" set firewall.vpn.output='ACCEPT'
set firewall.@zone[-1].masq="1" set firewall.vpn.masq='1'
set firewall.@zone[-1].network="vpn0" set firewall.vpn.network='vpn0'
add firewall forwarding
set firewall.@forwarding[-1].src="vpn" delete firewall.vpntowan
set firewall.@forwarding[-1].dest="wan" set firewall.vpntowan=forwarding
add firewall forwarding set firewall.vpntowan.src='vpn'
set firewall.@forwarding[-1].src="vpn" set firewall.vpntowan.dest='wan'
set firewall.@forwarding[-1].dest="lan"
add firewall forwarding delete firewall.vpntolan
set firewall.@forwarding[-1].dest='vpn' set firewall.vpntolan=forwarding
set firewall.@forwarding[-1].src='lan' set firewall.vpntolan.src='vpn'
set firewall.vpntolan.dest='lan'
delete firewall.lantovpn
set firewall.lantovpn=forwarding
set firewall.lantovpn.src='lan'
set firewall.lantovpn.dest='vpn'
commit firewall commit firewall
EOF EOF
chmod 0777 /etc/openvpn/server/checkpsw.sh
rm -f /tmp/luci-indexcache rm -f /tmp/luci-indexcache
exit 0 exit 0