diff options
| author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2024-12-30 17:01:28 +0100 |
|---|---|---|
| committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2024-12-30 17:06:13 +0100 |
| commit | 578a1855975959f1cc33f0f52c2dbb8ae49433b2 (patch) | |
| tree | 35e8d549a497875129089d64cb9adee2d3a10b1e | |
| parent | 26e3d64f8142730260e9669d89b00d726fd42f1c (diff) | |
| download | hosts-578a1855975959f1cc33f0f52c2dbb8ae49433b2.tar.gz hosts-578a1855975959f1cc33f0f52c2dbb8ae49433b2.tar.zst hosts-578a1855975959f1cc33f0f52c2dbb8ae49433b2.zip | |
Remove outside access by default
| -rwxr-xr-x | ImmaeEu-down | 12 | ||||
| -rwxr-xr-x | ImmaeEu-up | 12 |
2 files changed, 18 insertions, 6 deletions
diff --git a/ImmaeEu-down b/ImmaeEu-down index d983a3b..19eafa1 100755 --- a/ImmaeEu-down +++ b/ImmaeEu-down | |||
| @@ -4,11 +4,17 @@ | |||
| 4 | [ -e /tmp/tinc_$NETNAME ] && . /tmp/tinc_$NETNAME | 4 | [ -e /tmp/tinc_$NETNAME ] && . /tmp/tinc_$NETNAME |
| 5 | [ -e /run/tinc_$NETNAME.vars ] && . /run/tinc_$NETNAME.vars | 5 | [ -e /run/tinc_$NETNAME.vars ] && . /run/tinc_$NETNAME.vars |
| 6 | rm -f /tmp/tinc_$NETNAME /run/tinc_$NETNAME.vars || true | 6 | rm -f /tmp/tinc_$NETNAME /run/tinc_$NETNAME.vars || true |
| 7 | [ -n "$GWIP" ] && ip -6 route del default via $GWIP table 655 | 7 | if false; then |
| 8 | # Allow accessing the external world from the ip | ||
| 9 | [ -n "$GWIP" ] && ip -6 route del default via $GWIP table 655 | ||
| 10 | fi | ||
| 8 | for MYIP in $MYIPS; do | 11 | for MYIP in $MYIPS; do |
| 9 | ip -6 addr del $MYIP/96 dev $INTERFACE | 12 | ip -6 addr del $MYIP/96 dev $INTERFACE |
| 10 | ip -6 rule del from $MYIP/96 table 655 | 13 | if false; then |
| 11 | ip -6 rule del to $MYIP/96 table 655 | 14 | # Allow accessing the external world from the ip |
| 15 | ip -6 rule del from $MYIP/96 table 655 | ||
| 16 | ip -6 rule del to $MYIP/96 table 655 | ||
| 17 | fi | ||
| 12 | done | 18 | done |
| 13 | ip -6 link set $INTERFACE down | 19 | ip -6 link set $INTERFACE down |
| 14 | 20 | ||
| @@ -20,8 +20,14 @@ echo -e "MYIPS=\"$MYIPS\"\nGWIP=\"$GWIP\"" > /run/tinc_$NETNAME.vars | |||
| 20 | ip -6 link set $INTERFACE up mtu 1280 | 20 | ip -6 link set $INTERFACE up mtu 1280 |
| 21 | for MYIP in $MYIPS; do | 21 | for MYIP in $MYIPS; do |
| 22 | ip -6 addr add $MYIP/96 dev $INTERFACE | 22 | ip -6 addr add $MYIP/96 dev $INTERFACE |
| 23 | ip -6 rule add from $MYIP/96 table 655 | 23 | if false; then |
| 24 | ip -6 rule add to $MYIP/96 table 655 | 24 | # Allow accessing the external world from the ip |
| 25 | ip -6 rule add from $MYIP/96 table 655 | ||
| 26 | ip -6 rule add to $MYIP/96 table 655 | ||
| 27 | fi | ||
| 25 | done | 28 | done |
| 26 | ip -6 route add default via $GWIP dev $INTERFACE table 655 | 29 | if false; then |
| 30 | # Allow accessing the external world from the ip | ||
| 31 | ip -6 route add default via $GWIP dev $INTERFACE table 655 | ||
| 32 | fi | ||
| 27 | (cd "$SCRIPT_DIR" && git pull -q origin master) || true | 33 | (cd "$SCRIPT_DIR" && git pull -q origin master) || true |