
Improve services on boot

- Better handling of starting IPTables & Fail2Ban on boot
- Use iptables-services and disable firewalld for CentOS 7
This commit is contained in:
hwdsl2 2016-10-28 11:54:29 -05:00
parent 895d46c0c9
commit e3d830dfd4
3 changed files with 12 additions and 12 deletions


@ -108,7 +108,7 @@ yum -y install nss-devel nspr-devel pkgconfig pam-devel \
if grep -qs "release 6" /etc/redhat-release; then if grep -qs "release 6" /etc/redhat-release; then
yum -y remove libevent-devel yum -y remove libevent-devel
yum -y install libevent2-devel || exiterr2 yum -y install libevent2-devel || exiterr2
elif grep -qs "release 7" /etc/redhat-release; then else
yum -y install libevent-devel systemd-devel || exiterr2 yum -y install libevent-devel systemd-devel || exiterr2
fi fi
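Review bot: Replacing `elif grep -qs "release 7" /etc/redhat-release; then` with a bare `else` means every release string other than 6 now takes the `libevent-devel systemd-devel` path and continues, where the old code silently skipped unknown releases. If the script does not already reject unsupported releases before this point (outside the hunk), a release 5 host or a non-CentOS RHEL derivative now reaches the build steps with whatever packages yum happens to provide; keeping the `elif` for release 7 and adding an `else` branch that exits through the script's existing error helper would fail loudly instead. The same `elif` → `else` change appears in the `@ -156,7 +156,7` hunk of the third file, so the remark applies there too.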


@ -162,6 +162,8 @@ apt-get -yq install ppp xl2tpd || exiterr2
# Install Fail2Ban to protect SSH server # Install Fail2Ban to protect SSH server
apt-get -yq install fail2ban || exiterr2 apt-get -yq install fail2ban || exiterr2
update-rc.d fail2ban enable
systemctl enable fail2ban 2>/dev/null
# Compile and install Libreswan # Compile and install Libreswan
swan_ver=3.18 swan_ver=3.18
@ -438,7 +440,6 @@ EOF
echo "sleep 30" >> /etc/rc.local echo "sleep 30" >> /etc/rc.local
fi fi
cat >> /etc/rc.local <<'EOF' cat >> /etc/rc.local <<'EOF'
service fail2ban restart || /bin/true
service ipsec start service ipsec start
service xl2tpd start service xl2tpd start
echo 1 > /proc/sys/net/ipv4/ip_forward echo 1 > /proc/sys/net/ipv4/ip_forward
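Review bot: In the first hunk `systemctl enable fail2ban 2>/dev/null` discards its diagnostics and neither it nor `update-rc.d fail2ban enable` has the `|| exiterr2` that the `apt-get` line just above them carries, while the second hunk removes the `service fail2ban restart || /bin/true` fallback from /etc/rc.local. If enabling fails on a given init system, Fail2Ban is therefore silently not running after the next reboot and the SSH jail the script just configured offers no protection, with nothing in the install output to show it. A single chained line at least surfaces the failure: `systemctl enable fail2ban 2>/dev/null || update-rc.d fail2ban enable || echo "Warning: could not enable Fail2Ban at boot" >&2`. The heredoc opened by `cat >> /etc/rc.local <<'EOF'` in the second hunk continues past the end of the hunk.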


@ -156,7 +156,7 @@ yum -y install fail2ban || exiterr2
if grep -qs "release 6" /etc/redhat-release; then if grep -qs "release 6" /etc/redhat-release; then
yum -y remove libevent-devel yum -y remove libevent-devel
yum -y install libevent2-devel || exiterr2 yum -y install libevent2-devel || exiterr2
elif grep -qs "release 7" /etc/redhat-release; then else
yum -y install libevent-devel systemd-devel || exiterr2 yum -y install libevent-devel systemd-devel || exiterr2
fi fi
@ -408,13 +408,6 @@ fi
# Create basic Fail2Ban rules # Create basic Fail2Ban rules
if [ ! -f /etc/fail2ban/jail.local ] ; then if [ ! -f /etc/fail2ban/jail.local ] ; then
cat > /etc/fail2ban/jail.local <<'EOF' cat > /etc/fail2ban/jail.local <<'EOF'
[DEFAULT]
ignoreip = 127.0.0.1/8
bantime = 600
findtime = 600
maxretry = 5
backend = auto
[ssh-iptables] [ssh-iptables]
enabled = true enabled = true
filter = sshd filter = sshd
@ -424,13 +417,19 @@ EOF
fi fi
# Start services at boot # Start services at boot
if grep -qs "release 6" /etc/redhat-release; then
chkconfig iptables on
chkconfig fail2ban on
else
systemctl --now mask firewalld
yum -y install iptables-services || exiterr2
systemctl enable iptables fail2ban
fi
if ! grep -qs "hwdsl2 VPN script" /etc/rc.local; then if ! grep -qs "hwdsl2 VPN script" /etc/rc.local; then
conf_bk "/etc/rc.local" conf_bk "/etc/rc.local"
cat >> /etc/rc.local <<'EOF' cat >> /etc/rc.local <<'EOF'
# Added by hwdsl2 VPN script # Added by hwdsl2 VPN script
iptables-restore < /etc/sysconfig/iptables
service fail2ban restart
service ipsec start service ipsec start
service xl2tpd start service xl2tpd start
echo 1 > /proc/sys/net/ipv4/ip_forward echo 1 > /proc/sys/net/ipv4/ip_forward
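Review bot: In the `@ -424,13 +417,19` hunk, `systemctl --now mask firewalld` also stops firewalld, and stopping firewalld tears down the rules it manages, so if the script has already loaded its own iptables rules into the running kernel before this point (outside the hunk) the host may sit without them until `iptables.service` restores /etc/sysconfig/iptables on the next boot; following the mask with `systemctl start iptables` (or `iptables-restore < /etc/sysconfig/iptables`) re-applies them immediately. `systemctl enable iptables fail2ban` is the only step in the new block without `|| exiterr2`, and if the `iptables-restore` line shown in the rc.local section is the one being dropped, a failed enable means no firewall rules at all after reboot; `systemctl enable iptables fail2ban || exiterr2` would match the `yum` line above it. The heredoc opened by `cat >> /etc/rc.local <<'EOF'` continues past the end of the hunk.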