webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-14 04:52:59 +02:00
Code Issues Packages Projects Releases Wiki Activity

openvpnctrl: Block all transfer subnets.

Browse Source
This commit is contained in:
Michael Tremer
2013-05-31 13:31:48 +02:00
parent 7c50b04834
commit c31f18b6a9
1 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/misc-progs/openvpnctrl.c
View File

@@ -27,6 +27,7 @@ char enableorange[STRING_SIZE] = "off";
char OVPNRED[STRING_SIZE] = "OVPN";
char OVPNBLUE[STRING_SIZE] = "OVPN_BLUE_";
char OVPNORANGE[STRING_SIZE] = "OVPN_ORANGE_";
char OVPNBLOCK[STRING_SIZE] = "OVPNBLOCK";
char OVPNNAT[STRING_SIZE] = "OVPNNAT";
char WRAPPERVERSION[STRING_SIZE] = "ipfire-2.2.3";
@@ -480,6 +481,11 @@ void setFirewallRules(void) {
OVPNRED, redif, conn->proto, conn->port);
executeCommand(command);
/* Block all communication from the transfer nets. */
snprintf(command, STRING_SIZE, "/sbin/iptables -A %s -s %s -j DROP",
OVPNBLOCK, conn->transfer_subnet);
executeCommand(command);
local_subnet_address = getLocalSubnetAddress(conn);
transfer_subnet_address = calcTransferNetAddress(conn);