move iptables/nat functionality to a function (setupIptablesAndRouting)

This allows iptables rule update to be overridden by creating/supplying that function in, for example, ovpn_env.sh
2017-02-14 15:34:24 -05:00 · 2017-02-14 15:34:24 -05:00 · a2adb59d69
commit a2adb59d69
parent f4351bb0dd
1 changed files with 13 additions and 9 deletions
--- a/bin/ovpn_run
+++ b/bin/ovpn_run
@ -35,6 +35,18 @@ function addArg {
    fi
 }
 function setupIptablesAndRouting {
    iptables -t nat -C POSTROUTING -s $OVPN_SERVER -o $OVPN_NATDEVICE -j MASQUERADE || {
      iptables -t nat -A POSTROUTING -s $OVPN_SERVER -o $OVPN_NATDEVICE -j MASQUERADE
    }
    for i in "${OVPN_ROUTES[@]}"; do
        iptables -t nat -C POSTROUTING -s "$i" -o $OVPN_NATDEVICE -j MASQUERADE || {
          iptables -t nat -A POSTROUTING -s "$i" -o $OVPN_NATDEVICE -j MASQUERADE
        }
    done
 }
 addArg "--config" "$OPENVPN/openvpn.conf"
 source "$OPENVPN/ovpn_env.sh"
@ -53,14 +65,7 @@ fi
 # Setup NAT forwarding if requested
 if [ "$OVPN_DEFROUTE" != "0" ] || [ "$OVPN_NAT" == "1" ] ; then
-    iptables -t nat -C POSTROUTING -s $OVPN_SERVER -o $OVPN_NATDEVICE -j MASQUERADE || {
+	setupIptablesAndRouting
      iptables -t nat -A POSTROUTING -s $OVPN_SERVER -o $OVPN_NATDEVICE -j MASQUERADE
    }
    for i in "${OVPN_ROUTES[@]}"; do
        iptables -t nat -C POSTROUTING -s "$i" -o $OVPN_NATDEVICE -j MASQUERADE || {
          iptables -t nat -A POSTROUTING -s "$i" -o $OVPN_NATDEVICE -j MASQUERADE
        }
    done
 fi
 # Use a hacky hardlink as the CRL Needs to be readable by the user/group
@ -85,4 +90,3 @@ fi
 echo "Running 'openvpn ${ARGS[@]} ${USER_ARGS[@]}'"
 exec openvpn ${ARGS[@]} ${USER_ARGS[@]}