Better handling of custom SSH port

2025-01-30 20:11:45 +03:00 · 2016-07-10 00:47:41 -05:00 · 2016-07-10 00:47:41 -05:00 · 1f76dc169a
commit 1f76dc169a
parent bb61197b4f
2 changed files with 8 additions and 6 deletions
--- a/vpnsetup.sh
+++ b/vpnsetup.sh
@ -324,7 +324,10 @@ fi
 # - If *not* empty, insert new rules and save them with existing ones.
 if ! grep -qs "hwdsl2 VPN script" /etc/iptables.rules; then
 service fail2ban stop >/dev/null 2>&1
-if [ "$(iptables-save | grep -c '^\-')" = "0" ]; then
+iptables-save > "/etc/iptables.rules.old-$sys_dt"
+sshd_port="$(ss -nlput | grep sshd | awk '{print $5}' | head -n 1 | grep -Eo '[0-9]{1,5}$')"
+
+if [ "$(iptables-save | grep -c '^\-')" = "0" ] && [ "$sshd_port" = "22" ]; then
 cat > /etc/iptables.rules <<EOF
 # Added by hwdsl2 VPN script
 *filter
@ -365,8 +368,6 @@ EOF

 else

-iptables-save > "/etc/iptables.rules.old-$sys_dt"
-
 iptables -I INPUT 1 -p udp -m multiport --dports 500,4500 -j ACCEPT
 iptables -I INPUT 2 -p udp --dport 1701 -m policy --dir in --pol ipsec -j ACCEPT
 iptables -I INPUT 3 -p udp --dport 1701 -j DROP
--- a/vpnsetup_centos.sh
+++ b/vpnsetup_centos.sh
@ -318,7 +318,10 @@ fi
 # - If *not* empty, insert new rules and save them with existing ones.
 if ! grep -qs "hwdsl2 VPN script" /etc/sysconfig/iptables; then
 service fail2ban stop >/dev/null 2>&1
-if [ "$(iptables-save | grep -c '^\-')" = "0" ]; then
+iptables-save > "/etc/sysconfig/iptables.old-$sys_dt"
+sshd_port="$(ss -nlput | grep sshd | awk '{print $5}' | head -n 1 | grep -Eo '[0-9]{1,5}$')"
+
+if [ "$(iptables-save | grep -c '^\-')" = "0" ] && [ "$sshd_port" = "22" ]; then
 cat > /etc/sysconfig/iptables <<EOF
 # Added by hwdsl2 VPN script
 *filter
@ -358,8 +361,6 @@ EOF

 else

-iptables-save > "/etc/sysconfig/iptables.old-$sys_dt"
-
 iptables -I INPUT 1 -p udp -m multiport --dports 500,4500 -j ACCEPT
 iptables -I INPUT 2 -p udp --dport 1701 -m policy --dir in --pol ipsec -j ACCEPT
 iptables -I INPUT 3 -p udp --dport 1701 -j DROP