author | terminaldweller <devi@terminaldweller.com> | 2024-06-06 15:56:13 +0000 |
---|---|---|
committer | terminaldweller <devi@terminaldweller.com> | 2024-06-06 15:56:13 +0000 |
commit | 9e7fe7dab847d50200b863d4c0cd43c83126cc3a (patch) | |
tree | 777db778c687c28e44bbee6233dc4852042061cb /vpn3 | |
parent | updates (diff) | |
updates
Diffstat (limited to '')
-rw-r--r-- | vpn3/Vagrantfile | 28 |
1 files changed, 25 insertions, 3 deletions
diff --git a/vpn3/Vagrantfile b/vpn3/Vagrantfile
index 2bd91c7..1b236ac 100644
--- a/vpn3/Vagrantfile
+++ b/vpn3/Vagrantfile
@@ -38,12 +38,12 @@ Vagrant.configure('2') do |config|
 config.vm.provision 'update', type: 'shell', name: 'update', inline: <<-SHELL
 set -ex
- sudo apk add openvpn nfs-utils
+ sudo apk add openvpn nfs-utils ufw
 mkdir -p /vagrant && \
 sudo mount -t nfs 192.168.121.1:/home/devi/share/nfs /vagrant
 SHELL
- config.vm.provision 'update-root', type: 'shell', name: 'update-root', privileged: true, inline: <<-SHELL2
+ config.vm.provision 'update-root', type: 'shell', name: 'update-root', privileged: true, inline: <<-SHELL
 set -ex
 echo tun >> /etc/modules
 #rc-update add openvpn default
@@ -61,5 +61,27 @@ Vagrant.configure('2') do |config|
 sysctl -p /etc/sysctl.d/ipv4.conf
 rc-service openvpn start || true
 sleep 1
- SHELL2
+ SHELL
+
+ config.vm.provision 'killswitch', type: 'shell', name: 'killswitch', privileged: true, inline: <<-SHELL
+ ufw --force reset
+ ufw default deny incoming
+ ufw default deny outgoing
+ ufw allow in on tun0
+ ufw allow out on tun0
+ # enable libvirt bridge
+ ufw allow in on eth0 from 192.168.121.1
+ ufw allow out on eth0 to 192.168.121.1
+ # server block
+ ufw allow out on eth0 to 185.213.154.131 port 1197
+ ufw allow in on eth0 from 185.213.154.131 port 1197
+ ufw allow out on eth0 to 185.213.154.133 port 1197
+ ufw allow in on eth0 from 185.213.154.133 port 1197
+ ufw allow out on eth0 to 185.213.154.134 port 1197
+ ufw allow in on eth0 from 185.213.154.134 port 1197
+ ufw allow out on eth0 to 185.213.154.132 port 1197
+ ufw allow in on eth0 from 185.213.154.132 port 1197
+
+ echo y | ufw enable
+ SHELL
 end
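Review bot: The new 'killswitch' heredoc in the second hunk fails open: unlike the 'update' and 'update-root' scripts it has no `set -ex`, so if any `ufw` command errors (for instance because the `ufw` package added in the first hunk did not install) the remaining rules and `ufw enable` still run or are skipped silently while `vagrant up` reports success. Add `set -ex` as the first line of the heredoc and replace the last command with `ufw --force enable`, matching the `ufw --force reset` already used. The `ufw allow in on eth0 from 185.213.154.13x port 1197` lines read as a source-port match (any local port is reachable from those addresses when the packet's source port is 1197) and appear unnecessary, since ufw's default rules already accept established reply traffic for the outbound allows; dropping them keeps the allow-list to the tun0 and libvirt-bridge paths plus the four outbound server rules. Note also that 'update-root' starts openvpn (`rc-service openvpn start`, visible in this hunk's context) before this provisioner installs any filtering, and whether `ufw enable` alone adds the service to an OpenRC runlevel on Alpine so the rules survive a reboot should be confirmed. The final `end` closes a `Vagrant.configure` block that begins outside the hunk.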