From 4f8cad83cf1b89e7a1fe3dafc4cfef069c2851c0 Mon Sep 17 00:00:00 2001
From: jtbr
Date: Tue, 17 May 2016 05:28:48 +0200
Subject: [PATCH] add ufw rule to allow traffic on chosen udp port

---
 openvpn-install.sh | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/openvpn-install.sh b/openvpn-install.sh
index c95d424..0957d28 100644
--- a/openvpn-install.sh
+++ b/openvpn-install.sh
@@ -134,6 +134,7 @@ if [[ -e /etc/openvpn/server.conf ]]; then
 if [[ "$REMOVE" = 'y' ]]; then
 PORT=$(grep '^port ' /etc/openvpn/server.conf | cut -d " " -f 2)
 if ufw status | grep -qw active; then
+ufw delete allow $PORT/udp
 sed -i '/^##OPENVPN_START/,/^##OPENVPN_END/d' /etc/ufw/before.rules
 sed -i 's/^DEFAULT_FORWARD_POLICY="ACCEPT" #before ovpn: /DEFAULT_FORWARD_POLICY=/g' /etc/default/ufw
 fi
@@ -392,6 +393,9 @@ tls-auth tls-auth.key 0" >> /etc/openvpn/server.conf
 firewall-cmd --permanent --zone=public --add-port=$PORT/udp
 firewall-cmd --permanent --zone=trusted --add-source=10.8.0.0/24
 fi
+if ufw status | grep -qw active; then
+ufw allow $PORT/udp
+fi
 if iptables -L | grep -qE 'REJECT|DROP'; then
 # If iptables has at least one REJECT rule, we asume this is needed.
 # Not the best approach but I can't think of other and this shouldn't
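Review bot: The added `ufw delete allow $PORT/udp` has no guard on PORT, which the preceding line derives from `grep '^port ' server.conf | cut`; if that line is missing or malformed PORT is empty and ufw is asked to delete the rule `/udp`, which it rejects, and ufw also exits non-zero when the rule does not exist, which is the case for any install made before this patch added it. If the script runs under `set -e` (not visible in this hunk) either case would abort the uninstall before the before.rules and DEFAULT_FORWARD_POLICY cleanup on the two lines that follow. I would make the delete best-effort and quote the expansion: `[[ -n "$PORT" ]] && ufw delete allow "$PORT/udp" || true  # rule is absent on installs that predate it`. The enclosing `if [[ "$REMOVE" = 'y' ]]` block continues past the end of the hunk.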
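Review bot: `ufw allow $PORT/udp` neither quotes the expansion nor checks that the rule was actually added, so a failure leaves the listener filtered while the rest of the install proceeds as if it were reachable; the firewalld line above has the same unquoted `$PORT`, but the new line can be written `ufw allow "$PORT/udp" || echo "warning: could not add ufw rule for $PORT/udp" >&2` at no cost. It is also worth a comment that this rule must keep exactly this form, because the uninstall path in the first hunk removes it with `ufw delete allow $PORT/udp`, and a rule added with extra qualifiers (a `from`, an interface, a `comment`) would not match and would be left open after removal: `# opened to any source; the uninstall path deletes this exact rule spec`. The block that the new `if ufw status` test sits in starts and ends outside the hunk, and the `if iptables -L` block that follows it is also cut off by the hunk boundary.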