funkemunky/protonvpn-qbittorrent
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix awk for ipv4, add ipv6 local allows

Browse Source
This commit is contained in:
Joe Roback
2025-11-15 15:23:36 -07:00
parent 1168e6e1b2
commit eaa78e1217
1 changed files with 7 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
entrypoint.sh
+7 -2
View File
@@ -33,15 +33,21 @@ shutdown () {
trap shutdown SIGTERM SIGINT SIGQUIT trap shutdown SIGTERM SIGINT SIGQUIT
wg show
# kill switches for ipv4 and ipv6 wg-quick(8) # kill switches for ipv4 and ipv6 wg-quick(8)
iptables -I OUTPUT ! -o ${WIREGUARD_INTERFACE} -m mark ! --mark $(wg show ${WIREGUARD_INTERFACE} fwmark) -m addrtype ! --dst-type LOCAL -j REJECT iptables -I OUTPUT ! -o ${WIREGUARD_INTERFACE} -m mark ! --mark $(wg show ${WIREGUARD_INTERFACE} fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
ip6tables -I OUTPUT ! -o ${WIREGUARD_INTERFACE} -m mark ! --mark $(wg show ${WIREGUARD_INTERFACE} fwmark) -m addrtype ! --dst-type LOCAL -j REJECT ip6tables -I OUTPUT ! -o ${WIREGUARD_INTERFACE} -m mark ! --mark $(wg show ${WIREGUARD_INTERFACE} fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
# allow local container subnets (especially helpful if using multiple networks) # allow local container subnets (especially helpful if using multiple networks)
for network in $(ip -o addr show | awk '/^(\d)+: eth(.+)inet/ {print $4}'); do for network in $(ip -o addr show | awk '/^(\d)+: eth(.+)inet / {print $4}'); do
iptables -I OUTPUT -d ${network} -j ACCEPT iptables -I OUTPUT -d ${network} -j ACCEPT
done done
for network in $(ip -o addr show | awk '/^(\d)+: eth(.+)inet6 / {print $4}'); do
ip6tables -I OUTPUT -d ${network} -j ACCEPT
done
# allow connections user defined local networks # allow connections user defined local networks
for local_subnet in ${LOCAL_SUBNETS//,/$IFS} for local_subnet in ${LOCAL_SUBNETS//,/$IFS}
do do
@@ -49,7 +55,6 @@ do
iptables -I OUTPUT -d ${local_subnet} -j ACCEPT iptables -I OUTPUT -d ${local_subnet} -j ACCEPT
done done
wg show
sleep 2 sleep 2
# check to see if tunnel allows port forwarding # check to see if tunnel allows port forwarding