move iptables/nat functionality to a function (setupIptablesAndRouting)

This allows iptables rule update to be overridden by creating/supplying that function in, for example, ovpn_env.sh
2017-02-14 15:34:24 -05:00 · 2017-02-14 15:34:24 -05:00 · a2adb59d69
commit a2adb59d69
parent f4351bb0dd
1 changed files with 13 additions and 9 deletions
--- a/bin/ovpn_run
+++ b/bin/ovpn_run
@ -35,6 +35,18 @@ function addArg {
    fi
 }

+function setupIptablesAndRouting {
+    iptables -t nat -C POSTROUTING -s $OVPN_SERVER -o $OVPN_NATDEVICE -j MASQUERADE || {
+      iptables -t nat -A POSTROUTING -s $OVPN_SERVER -o $OVPN_NATDEVICE -j MASQUERADE
+    }
+    for i in "${OVPN_ROUTES[@]}"; do
+        iptables -t nat -C POSTROUTING -s "$i" -o $OVPN_NATDEVICE -j MASQUERADE || {
+          iptables -t nat -A POSTROUTING -s "$i" -o $OVPN_NATDEVICE -j MASQUERADE
+        }
+    done
+}
+
+
 addArg "--config" "$OPENVPN/openvpn.conf"

 source "$OPENVPN/ovpn_env.sh"
@ -53,14 +65,7 @@ fi

 # Setup NAT forwarding if requested
 if [ "$OVPN_DEFROUTE" != "0" ] || [ "$OVPN_NAT" == "1" ] ; then
-    iptables -t nat -C POSTROUTING -s $OVPN_SERVER -o $OVPN_NATDEVICE -j MASQUERADE || {
-      iptables -t nat -A POSTROUTING -s $OVPN_SERVER -o $OVPN_NATDEVICE -j MASQUERADE
-    }
-    for i in "${OVPN_ROUTES[@]}"; do
-        iptables -t nat -C POSTROUTING -s "$i" -o $OVPN_NATDEVICE -j MASQUERADE || {
-          iptables -t nat -A POSTROUTING -s "$i" -o $OVPN_NATDEVICE -j MASQUERADE
-        }
-    done
+	setupIptablesAndRouting
 fi

 # Use a hacky hardlink as the CRL Needs to be readable by the user/group
@ -85,4 +90,3 @@ fi

 echo "Running 'openvpn ${ARGS[@]} ${USER_ARGS[@]}'"
 exec openvpn ${ARGS[@]} ${USER_ARGS[@]}
-