From 9c62fe09914e50ce1d0d0136c0e1a917558d20cb Mon Sep 17 00:00:00 2001 From: corbolais Date: Sun, 8 Dec 2019 17:18:08 +0100 Subject: [PATCH] take care of /etc/ufw/before.rules nat section. safeguard against accidentally killing the file. Signed-off-by: corbolais --- auto_install/install.sh | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/auto_install/install.sh b/auto_install/install.sh index 2305458..2a44295 100755 --- a/auto_install/install.sh +++ b/auto_install/install.sh @@ -1401,7 +1401,20 @@ confNetwork(){ USING_UFW=1 echo "::: Detected UFW is enabled." echo "::: Adding UFW rules..." - $SUDO sed "/delete these required/i *nat\n:POSTROUTING ACCEPT [0:0]\n-I POSTROUTING -s ${pivpnNET}\/24 -o ${IPv4dev} -j MASQUERADE\nCOMMIT\n" -i /etc/ufw/before.rules + ### Basic safeguard: if file is empty, there's been something weird going on. + ### Note: no safeguard against imcomplete content as a result of previous failures. + if test -s /etc/ufw/before.rules; then + $SUDO cp -f /etc/ufw/before.rules /etc/ufw/before.rules.pre-pivpn + else + echo "$0: ERR: Sorry, won't touch empty file \"/etc/ufw/before.rules\"."; + exit 1; + fi + ### If there is already a "*nat" section just add our POSTROUTING MASQUERADE + if grep -q "*nat" /etc/ufw/before.rules; then + $SUDO sed "/^*nat/{n;s/\(:POSTROUTING ACCEPT .*\)/\1\n-I POSTROUTING -s ${pivpnNET}\/24 -o ${IPv4dev} -j MASQUERADE/}" -i /etc/ufw/before.rules + else + $SUDO sed "/delete these required/i *nat\n:POSTROUTING ACCEPT [0:0]\n-I POSTROUTING -s ${pivpnNET}\/24 -o ${IPv4dev} -j MASQUERADE\nCOMMIT\n" -i /etc/ufw/before.rules + fi # Insert rules at the beginning of the chain (in case there are other rules that may drop the traffic) $SUDO ufw insert 1 allow "${pivpnPORT}"/"${pivpnPROTO}" >/dev/null $SUDO ufw route insert 1 allow in on "${pivpnDEV}" from "${pivpnNET}/24" out on "${IPv4dev}" to any >/dev/null