Allow DNS incoming requests through UFW

Fixes https://github.com/pivpn/pivpn/issues/1282
EWouters 2021-11-15 15:17:25 +01:00
parent 0883893a4f
commit 45f0ad5d37
No known key found for this signature in database
GPG key ID: 57C6FD6E908B073C
2 changed files with 7 additions and 0 deletions


@ -1473,6 +1473,12 @@ askClientDNS(){
echo "pivpnDNS1=${pivpnDNS1}" >> ${tempsetupVarsFile}
echo "pivpnDNS2=${pivpnDNS2}" >> ${tempsetupVarsFile}
# Allow DNS incomming requests through UFW.
if [ "$USING_UFW" -eq 1 ]; then
$SUDO ufw insert 1 allow in on "${pivpnDEV}" to any port 53 from "${pivpnNET}/${subnetClass}" >/dev/null
fi
return
fi
fi
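Review bot: The guard `[ "$USING_UFW" -eq 1 ]` added in askClientDNS fails with an "integer expression expected" error when USING_UFW is unset or empty, so the DNS rule is skipped and only a stderr message hints at it. Whether the variable is always assigned before this function runs is not visible in the hunk. Defaulting it keeps the test well-defined: `if [ "${USING_UFW:-0}" -eq 1 ]; then`. The rule names no `proto`, so it admits both TCP and UDP on port 53 from the VPN subnet; that is probably intended for DNS, but the comment should say so, e.g. `# Allow incoming DNS (TCP and UDP) from VPN clients through UFW.`. askClientDNS begins and continues outside the hunk.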


@ -101,6 +101,7 @@ removeAll(){
ufw delete allow "${pivpnPORT}"/"${pivpnPROTO}" > /dev/null
### FIXME: SC2154
ufw route delete allow in on "${pivpnDEV}" from "${pivpnNET}/${subnetClass}" out on "${IPv4dev}" to any > /dev/null
ufw delete allow in on "${pivpnDEV}" to any port 53 from "${pivpnNET}/${subnetClass}" >/dev/null
sed "/-I POSTROUTING -s ${pivpnNET}\\/${subnetClass} -o ${IPv4dev} -j MASQUERADE -m comment --comment ${VPN}-nat-rule/d" -i /etc/ufw/before.rules
iptables -t nat -D POSTROUTING -s "${pivpnNET}/${subnetClass}" -o "${IPv4dev}" -j MASQUERADE -m comment --comment "${VPN}-nat-rule"
ufw reload &> /dev/null
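Review bot: The added `ufw delete allow in on "${pivpnDEV}" to any port 53 ...` in removeAll only removes the rule if pivpnDEV, pivpnNET and subnetClass still hold the values used at install time. With stdout discarded, a non-matching delete can go unnoticed and leave the port 53 allow rule in place after uninstall. The `### FIXME: SC2154` above it suggests these variables are not assigned in this file, so their source should be confirmed. A comment tying the two sides together would help, e.g. `# Remove the DNS rule inserted by askClientDNS; the arguments must match that rule exactly.`. It would also help to keep ufw's message visible here instead of redirecting it. removeAll starts and continues outside the hunk.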