ufw4vpn

1. #!/bin/bash
2. ###########################################
3. #          Created by Thomas Butz         #
4. #   E-Mail: btom1990(at)googlemail.com    #
5. #  Feel free to copy & share this script  #
6. ###########################################
7.  
8. # Adapt this value to your config!
9. VPN_DST_PORT=3478
10.  
11. # Don't change anything beyond this point
12. ###########################################
13.  
14. # Check for root priviliges
15. if [[ $EUID -ne 0 ]]; then
16.    printf "Please run as root:\nsudo %s\n" "${0}"
17.    exit 1
18. fi
19.  
20.  
21. # Reset the ufw config
22. ufw --force reset
23.          
24. # let all incoming traffic pass
25. ufw default allow incoming
26. # and block outgoing by default
27. ufw default deny outgoing
28.  
29. # Every communiction via VPN is considered to be safe
30. ufw allow out on tun0
31.  
32. # Don't block the creation of the VPN tunnel
33. ufw allow out $VPN_DST_PORT
34. # Don't block DNS queries
35. ufw allow out 53
36.  
37. # Allow local IPv4 connections
38. ufw allow out to 10.0.0.0/8
39. ufw allow out to 172.16.0.0/12
40. ufw allow out to 192.168.0.0/16
41. # Allow IPv4 local multicasts
42. ufw allow out to 224.0.0.0/24
43. ufw allow out to 239.0.0.0/8
44.  
45. # Allow local IPv6 connections
46. ufw allow out to fe80::/64
47. # Allow IPv6 link-local multicasts
48. ufw allow out to ff01::/16
49. # Allow IPv6 site-local multicasts
50. ufw allow out to ff02::/16
51. ufw allow out to ff05::/16
52.  
53. # Enable the firewall
54. ufw enable