vtun generator: fix firewall rules for hops to supernode
USA-RedDragon committed Aug 17, 2023
1 parent ad5a6d4 commit 9e530ec
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions internal/vtun/generator.go
Expand Up @@ -35,12 +35,16 @@ options {
ip "addr add ${IP_PLUS_2} peer ${IP_PLUS_1} dev %%";
ip "link set dev %% up";
ip "route add ${NET}/30 via ${IP_PLUS_1} mtu 1450 src ${IP_PLUS_2}";
firewall "-A FORWARD -i %% -o eth0 -d 10.0.0.0/8 -j ACCEPT";
firewall "-A FORWARD -i %% -o eth0 -j REJECT";
firewall "-A FORWARD -i eth0 -o %% -s 10.0.0.0/8 -j ACCEPT";
firewall "-A FORWARD -i eth0 -o %% -j REJECT";
${EXTRA_UP_RULES}
};
down {
${EXTRA_DOWN_RULES}
firewall "-D FORWARD -i %% -o eth0 -d 10.0.0.0/8 -j ACCEPT";
firewall "-D FORWARD -i eth0 -o %% -s 10.0.0.0/8 -j ACCEPT";
firewall "-D FORWARD -i %% -o eth0 -j REJECT";
firewall "-D FORWARD -i eth0 -o %% -j REJECT";
ip "route del ${NET}/30 via ${IP_PLUS_1}";
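Review bot: In the `up` block, `${EXTRA_UP_RULES}` expands after the two `-j REJECT` lines, and every rule here is appended with `-A`, so any extra FORWARD rule for the same `%%`/`eth0` pair that is also appended lands behind the REJECT and never matches. Either expand `${EXTRA_UP_RULES}` ahead of the REJECT lines, or document next to the template that extra rules meant to take precedence must be inserted with `-I`. Separately, `eth0` and `10.0.0.0/8` are hardcoded in all eight rules, and each ACCEPT checks only one side of the flow (`-d` for `%%` to `eth0`, `-s` for `eth0` to `%%`); a short comment in generator.go stating why that interface and range are assumed, and that the one-sided match is intended, would make the policy easier to audit.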