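#!/bin/bash
########################################################################
# VPN lock for a host whose tunnel interface is tun0.
#
# Reads the IPv4 address currently assigned to tun0 and then replaces
# the iptables ruleset so that new traffic is accepted only from the
# LAN and tun0, and sent only via lo and tun0. Uncomment the LAN
# range(s) that match your network; if you have a static IP, enter that.
# All existing rules are flushed, so re-run the script whenever the VPN
# address changes.
#
# Needs the privileges required to modify netfilter rules (normally root).
#
# Onryo aka Erik Adler
#
# Limits a reviewer should know about:
#   * Only IPv4 (iptables) is touched. IPv6 traffic is not constrained
#     by these rules and needs its own ip6tables policy, or IPv6
#     disabled on the host.
#   * Every NEW inbound connection arriving on tun0 is accepted, so
#     local listening services are reachable from the VPN side.
#     Restrict by port or source if that exposure is not wanted.
#   * LAN traffic is matched by source address only, not by interface.
#   * No rule allows NEW outbound traffic on the physical interface.
#     The tunnel's own transport presumably keeps working through the
#     ESTABLISHED rule; a reconnect to the VPN server would likely need
#     an explicit rule for that endpoint -- confirm for your setup.
#   * Rules are not persisted; they are gone after a reboot unless saved
#     by other means.
########################################################################

# Stop on the first failing command. The DROP policies are applied
# before anything else, so an aborted run leaves the host closed rather
# than open.
set -eu

# Set variables
IPT=/sbin/iptables
LANS=(
  192.168.0.0/16
  ## 10.0.0.0/8
  ## 172.16.0.0/12
)

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Address of tun0. Handles both ifconfig output styles:
#   "inet addr:10.8.0.6 ..."  (older net-tools)
#   "inet 10.8.0.6 ..."       (newer net-tools)
VPN=$(/sbin/ifconfig tun0 2>/dev/null |
  awk '/inet addr:/ { print substr($2, 6); exit }
       /inet [0-9]/ { print $2; exit }')

# Refuse to touch the firewall when tun0 is down or the address could
# not be parsed; an empty value would otherwise produce malformed rules.
ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'
[[ "$VPN" =~ $ipv4_re ]] ||
  die "Could not read an IPv4 address from tun0; firewall left unchanged"

# Default policies first, so there is no interval with ACCEPT policies
# and an empty ruleset while the old rules are being flushed.
"$IPT" -P OUTPUT DROP
"$IPT" -P INPUT DROP
"$IPT" -P FORWARD DROP

# Flush all rules and delete user-defined chains
"$IPT" -F
"$IPT" -X
"$IPT" -t nat -F
"$IPT" -t nat -X
"$IPT" -t mangle -F
"$IPT" -t mangle -X

# Allow input from LAN and tun0 ONLY
"$IPT" -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
"$IPT" -A INPUT -i lo -j ACCEPT
"$IPT" -A INPUT -i tun0 -m conntrack --ctstate NEW -j ACCEPT
for lan in "${LANS[@]}"; do
  "$IPT" -A INPUT -s "$lan" -m conntrack --ctstate NEW -j ACCEPT
done
"$IPT" -A INPUT -j DROP

# Allow output from lo and tun0 ONLY
"$IPT" -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
"$IPT" -A OUTPUT -o lo -j ACCEPT
"$IPT" -A OUTPUT -o tun0 -m conntrack --ctstate NEW -j ACCEPT
"$IPT" -A OUTPUT -d "$VPN" -m conntrack --ctstate NEW -j ACCEPT
"$IPT" -A OUTPUT -j DROP

# Report only after the ruleset is actually in place.
printf 'You are locked to VPN %s\n' "$VPN"
exit 0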