From 12d0efcea6fc20e5b89341ece65b210679393bde Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mirko=20K=C3=B6ster?=
Date: Mon, 8 Mar 2021 17:26:20 +0100
Subject: [PATCH 1/2] ufw: add comment if you have a lot of ufw rules and look at them via `sudo ufw status` it would be beneficial to have comments indicating the purpose of a rule
---
 auto_install/install.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/auto_install/install.sh b/auto_install/install.sh
index 996986f..76d2cb4 100755
--- a/auto_install/install.sh
+++ b/auto_install/install.sh
@@ -2098,7 +2098,7 @@ confNetwork(){
 $SUDO sed "/delete these required/i *nat\n:POSTROUTING ACCEPT [0:0]\n-I POSTROUTING -s ${pivpnNET}\/${subnetClass} -o ${IPv4dev} -j MASQUERADE -m comment --comment ${VPN}-nat-rule\nCOMMIT\n" -i /etc/ufw/before.rules
 fi
 # Insert rules at the beginning of the chain (in case there are other rules that may drop the traffic)
- $SUDO ufw insert 1 allow "${pivpnPORT}"/"${pivpnPROTO}" >/dev/null
+ $SUDO ufw insert 1 allow "${pivpnPORT}"/"${pivpnPROTO}" comment vpn >/dev/null
 $SUDO ufw route insert 1 allow in on "${pivpnDEV}" from "${pivpnNET}/${subnetClass}" out on "${IPv4dev}" to any >/dev/null
 $SUDO ufw reload >/dev/null
From 73eb1c501d14e8eaf0e821f3d150aa9f0d947403 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mirko=20K=C3=B6ster?=
Date: Tue, 16 Mar 2021 12:06:15 +0100
Subject: [PATCH 2/2] requested change see comment https://github.com/pivpn/pivpn/pull/1272/files#r595064063
---
 auto_install/install.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/auto_install/install.sh b/auto_install/install.sh
index 76d2cb4..db79e00 100755
--- a/auto_install/install.sh
+++ b/auto_install/install.sh
@@ -2098,7 +2098,7 @@ confNetwork(){
 $SUDO sed "/delete these required/i *nat\n:POSTROUTING ACCEPT [0:0]\n-I POSTROUTING -s ${pivpnNET}\/${subnetClass} -o ${IPv4dev} -j MASQUERADE -m comment --comment ${VPN}-nat-rule\nCOMMIT\n" -i /etc/ufw/before.rules
 fi
 # Insert rules at the beginning of the chain (in case there are other rules that may drop the traffic)
- $SUDO ufw insert 1 allow "${pivpnPORT}"/"${pivpnPROTO}" comment vpn >/dev/null
+ $SUDO ufw insert 1 allow "${pivpnPORT}"/"${pivpnPROTO}" comment allow-${VPN} >/dev/null
 $SUDO ufw route insert 1 allow in on "${pivpnDEV}" from "${pivpnNET}/${subnetClass}" out on "${IPv4dev}" to any >/dev/null
 $SUDO ufw reload >/dev/null
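Review bot: `${VPN}` in `comment allow-${VPN}` is the only unquoted expansion on the changed line, so it is open to word splitting and globbing; quote it like the port and protocol: `comment "allow-${VPN}"`. The exit status of `ufw insert` is also not checked and only stdout is discarded, so if the installed ufw does not accept the `comment` keyword (support arrived in a later ufw release; confirm against the oldest supported distro) the allow rule is never added and the installer still continues to `ufw reload`. A guard such as `|| { echo "::: Failed to add ufw rule" >&2; exit 1; }` would make that failure visible. The `ufw route insert` rule on the next line gets no comment, so `ufw status` will still list one unlabeled rule; it could take a matching `comment "allow-${VPN}-route"`. confNetwork's body starts and ends outside the hunk.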