Better handling of custom SSH port
This commit is contained in:
parent
bb61197b4f
commit
1f76dc169a
@ -324,7 +324,10 @@ fi
|
|||||||
# - If *not* empty, insert new rules and save them with existing ones.
|
# - If *not* empty, insert new rules and save them with existing ones.
|
||||||
if ! grep -qs "hwdsl2 VPN script" /etc/iptables.rules; then
|
if ! grep -qs "hwdsl2 VPN script" /etc/iptables.rules; then
|
||||||
service fail2ban stop >/dev/null 2>&1
|
service fail2ban stop >/dev/null 2>&1
|
||||||
if [ "$(iptables-save | grep -c '^\-')" = "0" ]; then
|
iptables-save > "/etc/iptables.rules.old-$sys_dt"
|
||||||
|
sshd_port="$(ss -nlput | grep sshd | awk '{print $5}' | head -n 1 | grep -Eo '[0-9]{1,5}$')"
|
||||||
|
|
||||||
|
if [ "$(iptables-save | grep -c '^\-')" = "0" ] && [ "$sshd_port" = "22" ]; then
|
||||||
cat > /etc/iptables.rules <<EOF
|
cat > /etc/iptables.rules <<EOF
|
||||||
# Added by hwdsl2 VPN script
|
# Added by hwdsl2 VPN script
|
||||||
*filter
|
*filter
|
||||||
@ -365,8 +368,6 @@ EOF
|
|||||||
|
|
||||||
else
|
else
|
||||||
|
|
||||||
iptables-save > "/etc/iptables.rules.old-$sys_dt"
|
|
||||||
|
|
||||||
iptables -I INPUT 1 -p udp -m multiport --dports 500,4500 -j ACCEPT
|
iptables -I INPUT 1 -p udp -m multiport --dports 500,4500 -j ACCEPT
|
||||||
iptables -I INPUT 2 -p udp --dport 1701 -m policy --dir in --pol ipsec -j ACCEPT
|
iptables -I INPUT 2 -p udp --dport 1701 -m policy --dir in --pol ipsec -j ACCEPT
|
||||||
iptables -I INPUT 3 -p udp --dport 1701 -j DROP
|
iptables -I INPUT 3 -p udp --dport 1701 -j DROP
|
||||||
|
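Review bot: The new `sshd_port=` detection in the first hunk of this section keeps only the first listener (`head -n 1`), so a host where sshd listens on 22 and a custom port can still report `22` and take the fresh-ruleset branch, which, if that ruleset only opens 22 (the heredoc body is outside the hunk), would cut off the custom port; `ss` output order is not something the check should depend on. The opposite failure is also silent: if `ss` is missing or sshd is not running, the variable is empty and the script falls through to the `else` branch without any message, and a missing `ss` additionally prints to stderr. Collect every sshd listener and compare the de-duplicated set instead, e.g. `sshd_ports="$(ss -nlput 2>/dev/null | awk '/sshd/ {print $5}' | grep -Eo '[0-9]{1,5}$' | sort -u)"` and `if [ "$(iptables-save | grep -c '^\-')" = "0" ] && [ "$sshd_ports" = "22" ]; then`, so the fresh ruleset is written only when every sshd listener is on 22 and an empty result still goes to the safer insert-into-existing path. The `if`/`else` this hunk opens continues outside the hunk, and the same two lines appear in the second file section (`/etc/sysconfig/iptables` variant), which should get the identical change.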
@ -318,7 +318,10 @@ fi
|
|||||||
# - If *not* empty, insert new rules and save them with existing ones.
|
# - If *not* empty, insert new rules and save them with existing ones.
|
||||||
if ! grep -qs "hwdsl2 VPN script" /etc/sysconfig/iptables; then
|
if ! grep -qs "hwdsl2 VPN script" /etc/sysconfig/iptables; then
|
||||||
service fail2ban stop >/dev/null 2>&1
|
service fail2ban stop >/dev/null 2>&1
|
||||||
if [ "$(iptables-save | grep -c '^\-')" = "0" ]; then
|
iptables-save > "/etc/sysconfig/iptables.old-$sys_dt"
|
||||||
|
sshd_port="$(ss -nlput | grep sshd | awk '{print $5}' | head -n 1 | grep -Eo '[0-9]{1,5}$')"
|
||||||
|
|
||||||
|
if [ "$(iptables-save | grep -c '^\-')" = "0" ] && [ "$sshd_port" = "22" ]; then
|
||||||
cat > /etc/sysconfig/iptables <<EOF
|
cat > /etc/sysconfig/iptables <<EOF
|
||||||
# Added by hwdsl2 VPN script
|
# Added by hwdsl2 VPN script
|
||||||
*filter
|
*filter
|
||||||
@ -358,8 +361,6 @@ EOF
|
|||||||
|
|
||||||
else
|
else
|
||||||
|
|
||||||
iptables-save > "/etc/sysconfig/iptables.old-$sys_dt"
|
|
||||||
|
|
||||||
iptables -I INPUT 1 -p udp -m multiport --dports 500,4500 -j ACCEPT
|
iptables -I INPUT 1 -p udp -m multiport --dports 500,4500 -j ACCEPT
|
||||||
iptables -I INPUT 2 -p udp --dport 1701 -m policy --dir in --pol ipsec -j ACCEPT
|
iptables -I INPUT 2 -p udp --dport 1701 -m policy --dir in --pol ipsec -j ACCEPT
|
||||||
iptables -I INPUT 3 -p udp --dport 1701 -j DROP
|
iptables -I INPUT 3 -p udp --dport 1701 -j DROP
|
||||||
|