aboutsummaryrefslogtreecommitdiffstats
path: root/vpn3
diff options
context:
space:
mode:
authorterminaldweller <devi@terminaldweller.com>2024-06-06 15:56:13 +0000
committerterminaldweller <devi@terminaldweller.com>2024-06-06 15:56:13 +0000
commit9e7fe7dab847d50200b863d4c0cd43c83126cc3a (patch)
tree777db778c687c28e44bbee6233dc4852042061cb /vpn3
parentupdates (diff)
downloadvagrantboxes-9e7fe7dab847d50200b863d4c0cd43c83126cc3a.tar.gz
vagrantboxes-9e7fe7dab847d50200b863d4c0cd43c83126cc3a.zip
updates
Diffstat (limited to '')
-rw-r--r--vpn3/Vagrantfile28
1 files changed, 25 insertions, 3 deletions
diff --git a/vpn3/Vagrantfile b/vpn3/Vagrantfile
index 2bd91c7..1b236ac 100644
--- a/vpn3/Vagrantfile
+++ b/vpn3/Vagrantfile
@@ -38,12 +38,12 @@ Vagrant.configure('2') do |config|
config.vm.provision 'update', type: 'shell', name: 'update', inline: <<-SHELL
set -ex
- sudo apk add openvpn nfs-utils
+ sudo apk add openvpn nfs-utils ufw
mkdir -p /vagrant && \
sudo mount -t nfs 192.168.121.1:/home/devi/share/nfs /vagrant
SHELL
- config.vm.provision 'update-root', type: 'shell', name: 'update-root', privileged: true, inline: <<-SHELL2
+ config.vm.provision 'update-root', type: 'shell', name: 'update-root', privileged: true, inline: <<-SHELL
set -ex
echo tun >> /etc/modules
#rc-update add openvpn default
@@ -61,5 +61,27 @@ Vagrant.configure('2') do |config|
sysctl -p /etc/sysctl.d/ipv4.conf
rc-service openvpn start || true
sleep 1
- SHELL2
+ SHELL
+
+ config.vm.provision 'killswitch', type: 'shell', name: 'killswitch', privileged: true, inline: <<-SHELL
+ ufw --force reset
+ ufw default deny incoming
+ ufw default deny outgoing
+ ufw allow in on tun0
+ ufw allow out on tun0
+ # enable libvirt bridge
+ ufw allow in on eth0 from 192.168.121.1
+ ufw allow out on eth0 to 192.168.121.1
+ # server block
+ ufw allow out on eth0 to 185.213.154.131 port 1197
+ ufw allow in on eth0 from 185.213.154.131 port 1197
+ ufw allow out on eth0 to 185.213.154.133 port 1197
+ ufw allow in on eth0 from 185.213.154.133 port 1197
+ ufw allow out on eth0 to 185.213.154.134 port 1197
+ ufw allow in on eth0 from 185.213.154.134 port 1197
+ ufw allow out on eth0 to 185.213.154.132 port 1197
+ ufw allow in on eth0 from 185.213.154.132 port 1197
+
+ echo y | ufw enable
+ SHELL
end