From 28b02f28db63f6302dc4b6a7e6c54d49ebf7388b Mon Sep 17 00:00:00 2001
From: hwdsl2
Date: Mon, 19 Apr 2021 00:38:50 -0500
Subject: [PATCH] Fix for CentOS 8 - Minor fix for IPTables FORWARD rules on CentOS 8 - Cleanup
---
 vpnsetup_amzn.sh | 2 +-
 vpnsetup_centos.sh | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/vpnsetup_amzn.sh b/vpnsetup_amzn.sh
index b309f7e..59f3c09 100755
--- a/vpnsetup_amzn.sh
+++ b/vpnsetup_amzn.sh
@@ -392,10 +392,10 @@ if [ "$ipt_flag" = "1" ]; then
 iptables -I FORWARD 4 -i ppp+ -o ppp+ -s "$L2TP_NET" -d "$L2TP_NET" -j ACCEPT
 iptables -I FORWARD 5 -i "$NET_IFACE" -d "$XAUTH_NET" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 iptables -I FORWARD 6 -s "$XAUTH_NET" -o "$NET_IFACE" -j ACCEPT
+ iptables -A FORWARD -j DROP
 iptables -t nat -I POSTROUTING -s "$XAUTH_NET" -o "$NET_IFACE" -m policy --dir out --pol none -j MASQUERADE
 iptables -t nat -I POSTROUTING -s "$L2TP_NET" -o "$NET_IFACE" -j MASQUERADE
 echo "# Modified by hwdsl2 VPN script" > "$IPT_FILE"
- iptables -A FORWARD -j DROP
 iptables-save >> "$IPT_FILE"
 fi
diff --git a/vpnsetup_centos.sh b/vpnsetup_centos.sh
index 8ed294a..13ce65a 100755
--- a/vpnsetup_centos.sh
+++ b/vpnsetup_centos.sh
@@ -454,6 +454,7 @@ if [ "$ipt_flag" = "1" ]; then
 iptables -I FORWARD 4 -i ppp+ -o ppp+ -s "$L2TP_NET" -d "$L2TP_NET" -j ACCEPT
 iptables -I FORWARD 5 -i "$NET_IFACE" -d "$XAUTH_NET" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 iptables -I FORWARD 6 -s "$XAUTH_NET" -o "$NET_IFACE" -j ACCEPT
+ iptables -A FORWARD -j DROP
 iptables -t nat -I POSTROUTING -s "$XAUTH_NET" -o "$NET_IFACE" -m policy --dir out --pol none -j MASQUERADE
 iptables -t nat -I POSTROUTING -s "$L2TP_NET" -o "$NET_IFACE" -j MASQUERADE
 echo "# Modified by hwdsl2 VPN script" > "$IPT_FILE"
@@ -471,7 +472,6 @@ if [ "$ipt_flag" = "1" ]; then
 echo "flush ruleset" >> "$IPT_FILE"
 nft list ruleset >> "$IPT_FILE"
 else
- iptables -A FORWARD -j DROP
 iptables-save >> "$IPT_FILE"
 fi
 fi
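Review bot: The added `iptables -A FORWARD -j DROP` in the vpnsetup_amzn.sh hunk (and the identical line added in the first vpnsetup_centos.sh hunk) runs with its exit status unchecked. If the append fails, the later `iptables-save >> "$IPT_FILE"` still persists a FORWARD chain without the catch-all deny, so the forwarding filter fails open with no message. Unless the script aborts on errors somewhere not visible here, I would make the failure fatal: `iptables -A FORWARD -j DROP || { echo "Error: failed to append FORWARD DROP rule" >&2; exit 1; }`. The enclosing `if [ "$ipt_flag" = "1" ]` block starts outside the hunk, so whether a re-run can append a second DROP depends on how `ipt_flag` is computed.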
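Review bot: Nothing in the first vpnsetup_centos.sh hunk records why the catch-all `iptables -A FORWARD -j DROP` now sits above the NAT rules rather than next to `iptables-save`. The second hunk shows the ruleset being dumped in two branches (`nft list ruleset` or `iptables-save`), and the rule previously lived only in the `else` branch, so the nft path apparently saved a FORWARD chain without it. A one-line comment above the new line would keep a later cleanup from moving it back: `# Catch-all DROP must be added before the ruleset is dumped below (nft or iptables-save), or it is not persisted`. Only IPv4 `iptables` calls are visible here, so whether IPv6 forwarding is filtered elsewhere cannot be told from this hunk. The `if` block starts before the hunk and continues past it.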