-rwxr-xr-xGenerate14
1 files changed, 14 insertions, 0 deletions
diff --git a/Generate b/Generate
index 82882c1..274b965 100755
--- a/Generate
+++ b/Generate
@@ -391,6 +391,7 @@ hostlist.each{ |host|
iptables = File.new("#{dir}/#{$NAMESPACE}.iptables.sh", "w")
ip6tables = File.new("#{dir}/#{$NAMESPACE}.ip6tables.sh", "w")
ipferm = File.new("#{dir}/#{$NAMESPACE}.iptables.ferm", "w")
+ ip6ferm = File.new("#{dir}/#{$NAMESPACE}.ip6tables.ferm", "w")
iptables.puts "# Automatically created on #{THISHOST} at #{RIGHTNOW} by #{THISPROGRAM}."
iptables.puts "PATH=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin"
iptables.puts "echo 'Doing #{$NAMESPACE} VPN rules.'"
@@ -403,6 +404,8 @@ hostlist.each{ |host|
if host['ipv6']
ip6tables.puts "ip6tables --new-chain vpn-#{$NAMESPACE}"
ip6tables.puts "ip6tables --flush vpn-#{$NAMESPACE}"
+ ip6ferm.puts "# Automatically created on #{THISHOST} at #{RIGHTNOW} by #{THISPROGRAM}."
+ ip6ferm.puts "def &vpn_#{$NAMESPACE}6() = {"
end
ipferm.puts "# Automatically created on #{THISHOST} at #{RIGHTNOW} by #{THISPROGRAM}."
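Review bot: The ferm function header `def &vpn_#{$NAMESPACE}6() = {` is written only inside `if host['ipv6']`, but `ip6ferm` is created for every host and the closing `ip6ferm.puts "}"` added near the end of the loop appears to be unconditional. A host without IPv6 would then get an `ip6tables.ferm` holding nothing but `}`, and a firewall include that fails to parse can stop the ruleset from loading. Either move the two `ip6ferm.puts` lines below the `end`, as is done for `ipferm`, or guard the close with `ip6ferm.puts "}" if host['ipv6']`. The `hostlist.each` block starts and ends outside the hunk, so confirm that no enclosing condition already covers the close.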
@@ -669,6 +672,7 @@ hostlist.each{ |host|
conffile.puts "comp-lzo"
conffile.puts "keepalive 10 30"
conffile.puts "verb 0"
+ conffile.puts "script-security 2" if host['openvpn'] == '2.1'
conffile.close
##########
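Review bot: `script-security 2` permits OpenVPN to execute user-defined scripts, and the added line does not say which directive in this config needs that. A comment above it, such as `# script-security 2: required for <script directive used by this config>`, would let a later reader tell when the setting can be lowered again. The guard is also an exact string match, so a host whose `openvpn` value is anything other than `'2.1'` (a later release, for instance) silently gets no `script-security` line. If later versions need it as well, a comparison on the parsed version would be safer than `== '2.1'`.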
@@ -713,6 +717,14 @@ hostlist.each{ |host|
" interface #{ peer['ifacename'] } " +
" ACCEPT;"
+ if host['ipv6'] and peer['ipv6']
+ ip6ferm.puts " saddr #{ host['link-local'][ peer['name'] ]['peer'] } \\"
+ ip6ferm.puts " daddr #{ host['link-local'][ peer['name'] ]['me'] } \\"
+ ip6ferm.puts " proto tcp dport #{ host['bgp_port'] or '179' } \\"
+ ip6ferm.puts " interface #{ peer['ifacename'] } \\"
+ ip6ferm.puts " ACCEPT;"
+ end
+
##########
bgpd.puts "!"
bgpd.puts "! ** peer #{peer['name']} **"
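Review bot: The new IPv6 rule interpolates `host['link-local'][ peer['name'] ]['peer']` and `['me']` without checking that they exist. A missing entry for the peer raises NoMethodError mid-run while the output files are still open, and a missing `'peer'` or `'me'` key interpolates as an empty string, leaving a `saddr` or `daddr` with no address in the generated firewall file. Resolve the entry once and fail loudly, e.g. `ll = host['link-local'][ peer['name'] ] or throw "No link-local addresses for #{peer['name']}"`, then check `ll['peer']` and `ll['me']` before writing the rule. The enclosing peer loop starts outside the hunk.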
@@ -756,6 +768,8 @@ hostlist.each{ |host|
ip6tables.close
ipferm.puts "}"
ipferm.close
+ ip6ferm.puts "}"
+ ip6ferm.close
bgpd.close
File.chmod(0600, bgpdfilename) == 1 or throw "Cannot chmod #{bgpdfilename}"