From 578a1855975959f1cc33f0f52c2dbb8ae49433b2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Isma=C3=ABl=20Bouya?=
Date: Mon, 30 Dec 2024 17:01:28 +0100
Subject: Remove outside access by default
---
 ImmaeEu-down | 12 +++++++++---
 ImmaeEu-up | 12 +++++++++---
 2 files changed, 18 insertions(+), 6 deletions(-)
diff --git a/ImmaeEu-down b/ImmaeEu-down
index d983a3b..19eafa1 100755
--- a/ImmaeEu-down
+++ b/ImmaeEu-down
@@ -4,11 +4,17 @@
 [ -e /tmp/tinc_$NETNAME ] && . /tmp/tinc_$NETNAME
 [ -e /run/tinc_$NETNAME.vars ] && . /run/tinc_$NETNAME.vars
 rm -f /tmp/tinc_$NETNAME /run/tinc_$NETNAME.vars || true
-[ -n "$GWIP" ] && ip -6 route del default via $GWIP table 655
+if false; then
+ # Allow accessing the external world from the ip
+ [ -n "$GWIP" ] && ip -6 route del default via $GWIP table 655
+fi
 for MYIP in $MYIPS; do
 ip -6 addr del $MYIP/96 dev $INTERFACE
- ip -6 rule del from $MYIP/96 table 655
- ip -6 rule del to $MYIP/96 table 655
+ if false; then
+ # Allow accessing the external world from the ip
+ ip -6 rule del from $MYIP/96 table 655
+ ip -6 rule del to $MYIP/96 table 655
+ fi
 done
 ip -6 link set $INTERFACE down
diff --git a/ImmaeEu-up b/ImmaeEu-up
index 006b86f..072bce1 100755
--- a/ImmaeEu-up
+++ b/ImmaeEu-up
@@ -20,8 +20,14 @@ echo -e "MYIPS=\"$MYIPS\"\nGWIP=\"$GWIP\"" > /run/tinc_$NETNAME.vars
 ip -6 link set $INTERFACE up mtu 1280
 for MYIP in $MYIPS; do
 ip -6 addr add $MYIP/96 dev $INTERFACE
- ip -6 rule add from $MYIP/96 table 655
- ip -6 rule add to $MYIP/96 table 655
+ if false; then
+ # Allow accessing the external world from the ip
+ ip -6 rule add from $MYIP/96 table 655
+ ip -6 rule add to $MYIP/96 table 655
+ fi
 done
-ip -6 route add default via $GWIP dev $INTERFACE table 655
+if false; then
+ # Allow accessing the external world from the ip
+ ip -6 route add default via $GWIP dev $INTERFACE table 655
+fi
 (cd "$SCRIPT_DIR" && git pull -q origin master) || true
--
cgit v1.2.3
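Review bot: With the `ip -6 rule del` and `ip -6 route del` lines now behind `if false`, ImmaeEu-down stops cleaning up table 655 state that an earlier ImmaeEu-up may have installed; because ImmaeEu-up runs `git pull` on the script directory, a tunnel can come up under the old script and go down under this one, which would leave the `from`/`to` rules in place. Teardown is safer unconditional and tolerant of absence, e.g. `ip -6 rule del from $MYIP/96 table 655 2>/dev/null || true` (likewise for `to` and the route). The same literal `if false` gates the matching blocks in ImmaeEu-up; a named switch such as `if [ "${ALLOW_OUTSIDE:-0}" = 1 ]; then` (the variable name is only an example) would make the default overridable without editing a file that the pull rewrites. Separately, the unchanged first context line still sources `/tmp/tinc_$NETNAME`, a predictable name in a world-writable directory, which is worth dropping in favour of the `/run` file if this hook runs with elevated privileges. The script's first three lines are outside the hunk.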
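Review bot: Nothing in this hunk drops or filters traffic: `ip -6 addr add $MYIP/96 dev $INTERFACE` still runs and only the policy rules and the table 655 default route are skipped, so whether outside access is really removed depends on the main routing table, forwarding and firewall state that the hunk does not show. If the intent is a hard guarantee, it should be enforced by a filter rule rather than by the absence of a route. The comment `# Allow accessing the external world from the ip` also reads as if the block were live; `# Disabled by default: policy routing that lets $MYIP/96 reach outside hosts via $GWIP (table 655)` would describe the current behaviour. Lines 1-19 of the script are outside the hunk.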