From 1acab15a2610e28d8ceab86327ffa7016aca095f Mon Sep 17 00:00:00 2001 From: Stanislas Date: Tue, 20 Aug 2019 11:55:43 +0200 Subject: [PATCH] Insert iptables rules at the top (#466) Fix #346 #465 --- openvpn-install.sh | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/openvpn-install.sh b/openvpn-install.sh index 501ad07..6325fc0 100755 --- a/openvpn-install.sh +++ b/openvpn-install.sh @@ -875,17 +875,17 @@ verb 3" >> /etc/openvpn/server.conf # Script to add rules echo "#!/bin/sh -iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o $NIC -j MASQUERADE -iptables -A INPUT -i tun0 -j ACCEPT -iptables -A FORWARD -i $NIC -o tun0 -j ACCEPT -iptables -A FORWARD -i tun0 -o $NIC -j ACCEPT -iptables -A INPUT -i $NIC -p $PROTOCOL --dport $PORT -j ACCEPT" > /etc/iptables/add-openvpn-rules.sh +iptables -t nat -I POSTROUTING 1 -s 10.8.0.0/24 -o $NIC -j MASQUERADE +iptables -I INPUT 1 -i tun0 -j ACCEPT +iptables -I FORWARD 1 -i $NIC -o tun0 -j ACCEPT +iptables -I FORWARD 1 -i tun0 -o $NIC -j ACCEPT +iptables -I INPUT 1 -i $NIC -p $PROTOCOL --dport $PORT -j ACCEPT" > /etc/iptables/add-openvpn-rules.sh if [[ "$IPV6_SUPPORT" = 'y' ]]; then - echo "ip6tables -t nat -A POSTROUTING -s fd42:42:42:42::/112 -o $NIC -j MASQUERADE -ip6tables -A INPUT -i tun0 -j ACCEPT -ip6tables -A FORWARD -i $NIC -o tun0 -j ACCEPT -ip6tables -A FORWARD -i tun0 -o $NIC -j ACCEPT" >> /etc/iptables/add-openvpn-rules.sh + echo "ip6tables -t nat -I POSTROUTING 1 -s fd42:42:42:42::/112 -o $NIC -j MASQUERADE +ip6tables -I INPUT 1 -i tun0 -j ACCEPT +ip6tables -I FORWARD 1 -i $NIC -o tun0 -j ACCEPT +ip6tables -I FORWARD 1 -i tun0 -o $NIC -j ACCEPT" >> /etc/iptables/add-openvpn-rules.sh fi # Script to remove rules