Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #! /bin/bash
- # Niftiest Software – www.niftiestsoftware.com
- # Modified version by HTPC Guides – www.htpcguides.com
- export INTERFACE="tun0"
- export VPNUSER="deluge"
- #export LOCALIP="192.168.1.130"
- export LOCALIP=$(hostname -i)
- export NETIF="eth0"
- # flushes all the iptables rules, if you have other rules to use then add them i nto the script
- iptables -F -t nat
- iptables -F -t mangle
- iptables -F -t filter
- # mark packets from $VPNUSER
- iptables -t mangle -A OUTPUT -j CONNMARK --restore-mark
- iptables -t mangle -A OUTPUT ! --dest $LOCALIP -m owner --uid-owner $VPNUSER -j MARK --set-mark 0x1
- #iptables -t mangle -A OUTPUT --dest $LOCALIP -p udp --dport 53 -m owner --uid-o wner $VPNUSER -j MARK --set-mark 0x1
- #iptables -t mangle -A OUTPUT --dest $LOCALIP -p tcp --dport 53 -m owner --uid-o wner $VPNUSER -j MARK --set-mark 0x1
- iptables -t mangle -A OUTPUT ! --src $LOCALIP -j MARK --set-mark 0x1
- iptables -t mangle -A OUTPUT -j CONNMARK --save-mark
- # allow responses
- iptables -A INPUT -i $INTERFACE -m conntrack --ctstate ESTABLISHED -j ACCEPT
- # block everything incoming on $INTERFACE to prevent accidental exposing of port s
- iptables -A INPUT -i $INTERFACE -j REJECT
- # let $VPNUSER access lo and $INTERFACE
- iptables -A OUTPUT -o lo -m owner --uid-owner $VPNUSER -j ACCEPT
- iptables -A OUTPUT -o $INTERFACE -m owner --uid-owner $VPNUSER -j ACCEPT
- # all packets on $INTERFACE needs to be masqueraded
- iptables -t nat -A POSTROUTING -o $INTERFACE -j MASQUERADE
- # reject connections from predator IP going over $NETIF
- iptables -A OUTPUT ! --src $LOCALIP -o $NETIF -j REJECT
- # Start routing script
- /etc/openvpn/routing.sh
- exit 0
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
