From 9e7fe7dab847d50200b863d4c0cd43c83126cc3a Mon Sep 17 00:00:00 2001 From: terminaldweller Date: Thu, 6 Jun 2024 11:56:13 -0400 Subject: updates --- vpn3/Vagrantfile | 28 +++++++++++++++++++++++++--- 1 file changed, 25 insertions(+), 3 deletions(-) (limited to 'vpn3/Vagrantfile') diff --git a/vpn3/Vagrantfile b/vpn3/Vagrantfile index 2bd91c7..1b236ac 100644 --- a/vpn3/Vagrantfile +++ b/vpn3/Vagrantfile @@ -38,12 +38,12 @@ Vagrant.configure('2') do |config| config.vm.provision 'update', type: 'shell', name: 'update', inline: <<-SHELL set -ex - sudo apk add openvpn nfs-utils + sudo apk add openvpn nfs-utils ufw mkdir -p /vagrant && \ sudo mount -t nfs 192.168.121.1:/home/devi/share/nfs /vagrant SHELL - config.vm.provision 'update-root', type: 'shell', name: 'update-root', privileged: true, inline: <<-SHELL2 + config.vm.provision 'update-root', type: 'shell', name: 'update-root', privileged: true, inline: <<-SHELL set -ex echo tun >> /etc/modules #rc-update add openvpn default @@ -61,5 +61,27 @@ Vagrant.configure('2') do |config| sysctl -p /etc/sysctl.d/ipv4.conf rc-service openvpn start || true sleep 1 - SHELL2 + SHELL + + config.vm.provision 'killswitch', type: 'shell', name: 'killswitch', privileged: true, inline: <<-SHELL + ufw --force reset + ufw default deny incoming + ufw default deny outgoing + ufw allow in on tun0 + ufw allow out on tun0 + # enable libvirt bridge + ufw allow in on eth0 from 192.168.121.1 + ufw allow out on eth0 to 192.168.121.1 + # server block + ufw allow out on eth0 to 185.213.154.131 port 1197 + ufw allow in on eth0 from 185.213.154.131 port 1197 + ufw allow out on eth0 to 185.213.154.133 port 1197 + ufw allow in on eth0 from 185.213.154.133 port 1197 + ufw allow out on eth0 to 185.213.154.134 port 1197 + ufw allow in on eth0 from 185.213.154.134 port 1197 + ufw allow out on eth0 to 185.213.154.132 port 1197 + ufw allow in on eth0 from 185.213.154.132 port 1197 + + echo y | ufw enable + SHELL end -- cgit v1.2.3