diff --git a/docs/uninstall-zh.md b/docs/uninstall-zh.md
index f637558..8f9bfa2 100644
--- a/docs/uninstall-zh.md
+++ b/docs/uninstall-zh.md
@@ -39,13 +39,11 @@ rm -f /etc/init.d/ipsec /lib/systemd/system/ipsec.service
 编辑 `/etc/iptables.rules` 并删除不需要的规则。
 你以前的防火墙规则(如果有)会备份在 `/etc/iptables.rules.old-日期-时间`。
 另外如果文件 `/etc/iptables/rules.v4` 存在,请编辑它。
-如果使用 IPv6 ,还需编辑 `/etc/ip6tables.rules` 和/或 `/etc/iptables/rules.v6`。
 
 ### CentOS/RHEL
 
 编辑 `/etc/sysconfig/iptables` 并删除不需要的规则。
 你以前的防火墙规则(如果有)会备份在 `/etc/sysconfig/iptables.old-日期-时间`。
-如果使用 IPv6 ,还需编辑 `/etc/sysconfig/ip6tables`。
 
 ## 第四步
 
diff --git a/docs/uninstall.md b/docs/uninstall.md
index bb2adab..8c5da78 100644
--- a/docs/uninstall.md
+++ b/docs/uninstall.md
@@ -39,13 +39,11 @@ rm -f /etc/init.d/ipsec /lib/systemd/system/ipsec.service
 Edit `/etc/iptables.rules` and remove unneeded rules.
 Your original rules (if any) are backed up as `/etc/iptables.rules.old-date-time`.
 In addition, edit `/etc/iptables/rules.v4` if the file exists.
-If using IPv6, also edit `/etc/ip6tables.rules` and/or `/etc/iptables/rules.v6`.
 
 ### CentOS/RHEL
 
 Edit `/etc/sysconfig/iptables` and remove unneeded rules.
 Your original rules (if any) are backed up as `/etc/sysconfig/iptables.old-date-time`.
-If using IPv6, also edit `/etc/sysconfig/ip6tables`.
 
 ## Fourth step
 
diff --git a/vpnsetup.sh b/vpnsetup.sh
index f9e29e3..5a49400 100755
--- a/vpnsetup.sh
+++ b/vpnsetup.sh
@@ -392,29 +392,6 @@ if [ -f /etc/iptables/rules.v4 ]; then
 fi
 fi
 
-# Create basic IPv6 rules
-if ! grep -qs "hwdsl2 VPN script" /etc/ip6tables.rules; then
-/bin/cp -f /etc/ip6tables.rules "/etc/ip6tables.rules.old-$sys_dt" 2>/dev/null
-cat > /etc/ip6tables.rules <<EOF
-# Added by hwdsl2 VPN script
-*filter
-:INPUT ACCEPT [0:0]
-:FORWARD DROP [0:0]
-:OUTPUT ACCEPT [0:0]
--A INPUT -i lo -j ACCEPT
--A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
--A INPUT -m rt --rt-type 0 -j DROP
--A INPUT -s fe80::/10 -j ACCEPT
--A INPUT -p ipv6-icmp -j ACCEPT
--A INPUT -j DROP
-COMMIT
-EOF
-if [ -f /etc/iptables/rules.v6 ]; then
-/bin/cp -f /etc/iptables/rules.v6 "/etc/iptables/rules.v6.old-$sys_dt"
-/bin/cp -f /etc/ip6tables.rules /etc/iptables/rules.v6
-fi
-fi
-
 # Load IPTables rules at system boot
 mkdir -p /etc/network/if-pre-up.d
 cat > /etc/network/if-pre-up.d/iptablesload <<EOF
@@ -423,12 +400,6 @@ iptables-restore < /etc/iptables.rules
 exit 0
 EOF
 
-cat > /etc/network/if-pre-up.d/ip6tablesload <<EOF
-#!/bin/sh
-ip6tables-restore < /etc/ip6tables.rules
-exit 0
-EOF
-
 # Start services at boot
 if ! grep -qs "hwdsl2 VPN script" /etc/rc.local; then
 /bin/cp -f /etc/rc.local "/etc/rc.local.old-$sys_dt" 2>/dev/null
@@ -450,12 +421,10 @@ sysctl -e -q -p
 # Update file attributes
 chmod +x /etc/rc.local
 chmod +x /etc/network/if-pre-up.d/iptablesload
-chmod +x /etc/network/if-pre-up.d/ip6tablesload
 chmod 600 /etc/ipsec.secrets* /etc/ppp/chap-secrets* /etc/ipsec.d/passwd*
 
 # Apply new IPTables rules
 iptables-restore < /etc/iptables.rules
-ip6tables-restore < /etc/ip6tables.rules >/dev/null 2>&1
 
 # Restart services
 service fail2ban stop >/dev/null 2>&1
diff --git a/vpnsetup_centos.sh b/vpnsetup_centos.sh
index 890a59b..d050cbd 100755
--- a/vpnsetup_centos.sh
+++ b/vpnsetup_centos.sh
@@ -146,11 +146,6 @@ yum -y install ppp xl2tpd
 # Install Fail2Ban to protect SSH
 yum -y install fail2ban
 
-# Install IP6Tables
-if grep -qs "release 6" /etc/redhat-release; then
- yum -y install iptables-ipv6
-fi
-
 # Installed Libevent2
 if grep -qs "release 6" /etc/redhat-release; then
 yum -y remove libevent-devel
@@ -391,25 +386,6 @@ iptables-save >> /etc/sysconfig/iptables
 fi
 fi
 
-# Create basic IPv6 rules
-if ! grep -qs "hwdsl2 VPN script" /etc/sysconfig/ip6tables; then
-/bin/cp -f /etc/sysconfig/ip6tables "/etc/sysconfig/ip6tables.old-$sys_dt" 2>/dev/null
-cat > /etc/sysconfig/ip6tables <<EOF
-# Added by hwdsl2 VPN script
-*filter
-:INPUT ACCEPT [0:0]
-:FORWARD DROP [0:0]
-:OUTPUT ACCEPT [0:0]
--A INPUT -i lo -j ACCEPT
--A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
--A INPUT -m rt --rt-type 0 -j DROP
--A INPUT -s fe80::/10 -j ACCEPT
--A INPUT -p ipv6-icmp -j ACCEPT
--A INPUT -j DROP
-COMMIT
-EOF
-fi
-
 # Create basic Fail2Ban rules
 if [ ! -f /etc/fail2ban/jail.local ] ; then
 cat > /etc/fail2ban/jail.local <<EOF
@@ -435,7 +411,6 @@ cat >> /etc/rc.local <<EOF
 
 # Added by hwdsl2 VPN script
 iptables-restore < /etc/sysconfig/iptables
-ip6tables-restore < /etc/sysconfig/ip6tables
 service fail2ban restart
 service ipsec start
 service xl2tpd start
@@ -457,7 +432,6 @@ chmod 600 /etc/ipsec.secrets* /etc/ppp/chap-secrets* /etc/ipsec.d/passwd*
 
 # Apply new IPTables rules
 iptables-restore < /etc/sysconfig/iptables
-ip6tables-restore < /etc/sysconfig/ip6tables >/dev/null 2>&1
 
 # Restart services
 service fail2ban stop >/dev/null 2>&1
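Review bot: Fresh installs are left with no IPv6 input filtering once the `# Create basic IPv6 rules` block at `@@ -391,25 +386,6 @@` is gone (the same block is dropped at `@@ -392,29 +392,6 @@` in vpnsetup.sh), because the default-deny `-A INPUT -j DROP` for IPv6 disappears while the IPv4 ruleset stays. On a host with a routable IPv6 address, any service that also listens on IPv6 would presumably sit outside the IPv4 rules; whether that applies depends on configuration not visible in this diff. If IPv6 is deliberately out of scope, state it where the IPv4 rules are applied, e.g. `# NOTE: only IPv4 rules are managed here; IPv6 is left unfiltered by this script`, so operators know to filter or disable IPv6 themselves. Hosts set up by an earlier version keep `/etc/sysconfig/ip6tables` (on Ubuntu/Debian `/etc/ip6tables.rules` and the `ip6tablesload` hook), and the uninstall docs changed in this commit no longer mention those files.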