Update openvpn-install.sh

#417 done

openvpn-install.sh

@@ -957,6 +957,36 @@ verb 3" >>/etc/openvpn/server.conf
 		installUnbound
 	fi
 	
+	if pgrep firewalld; then
+		IP=$(hostname -I | awk '{print $1}')
+		echo "#!/bin/sh
+# Allow incoming traffic
+firewall-cmd --zone=public --add-port=$PORT/$PROTOCOL
+firewall-cmd --permanent --zone=public --add-port=$PORT/$PROTOCOL
+
+# Add trusted zone
+firewall-cmd --zone=trusted --add-source=10.8.0.0/24	
+firewall-cmd --permanent --zone=trusted --add-source=10.8.0.0/24
+
+# Set NAT for the VPN subnet
+firewall-cmd --direct --add-rule ipv4 nat POSTROUTING 0 -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to $IP
+firewall-cmd --permanent --direct --add-rule ipv4 nat POSTROUTING 0 -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to $IP" >/etc/iptables/add-openvpn-rules.sh
+
+		echo "#!/bin/sh
+# Remove firewall rules
+firewall-cmd --zone=public --remove-port=$PORT/$PROTOCOL
+firewall-cmd --permanent --zone=public --remove-port=$PORT/$PROTOCOL
+
+# remove trusted zone
+firewall-cmd --zone=trusted --remove-source=10.8.0.0/24
+firewall-cmd --permanent --zone=trusted --remove-source=10.8.0.0/24
+
+# Remove NAT for the VPN subnet
+firewall-cmd --direct --remove-rule ipv4 nat POSTROUTING 0 -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to $IP
+firewall-cmd --permanent --direct --remove-rule ipv4 nat POSTROUTING 0 -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to $IP" >/etc/iptables/rm-openvpn-rules.sh
+
+	else
+
 		# Add iptables rules in two scripts
 		mkdir -p /etc/iptables
 
@@ -991,6 +1021,7 @@ ip6tables -D FORWARD -i $NIC -o tun0 -j ACCEPT
 ip6tables -D FORWARD -i tun0 -o $NIC -j ACCEPT
 ip6tables -D INPUT -i $NIC -p $PROTOCOL --dport $PORT -j ACCEPT" >>/etc/iptables/rm-openvpn-rules.sh
 		fi
+	fi
 
 	chmod +x /etc/iptables/add-openvpn-rules.sh
 	chmod +x /etc/iptables/rm-openvpn-rules.sh