Marown/openvpn-install
1
0
Fork 0
mirror of https://github.com/hwdsl2/openvpn-install.git synced 2024-07-04 18:55:48 +02:00
Code Issues Packages Projects Releases Wiki Activity

Improved firewall installation logic

Browse Source 
New logic makes way more sense:
- If either firewalld or iptables are present, use whatever we have
- If not, install firewalld in CentOS/Fedora and iptables in Debian/Ubuntu
This commit is contained in:
Nyr 2020-05-01 17:52:12 +02:00
parent ef30d9863c
commit 61549ffcef
1 changed files with 18 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
openvpn-install.sh
View File

@ -182,12 +182,18 @@ if [[ ! -e /etc/openvpn/server/server.conf ]]; then
[[ -z "$client" ]] && client="client" [[ -z "$client" ]] && client="client"
echo echo
echo "We are ready to set up your OpenVPN server now." echo "We are ready to set up your OpenVPN server now."
# DigitalOcean ships their CentOS and Fedora images without firewalld # Install a firewall in the rare case where one is not already available
# We don't want to silently enable a firewall, so we give a subtle warning if ! systemctl is-active --quiet firewalld.service && ! hash iptables 2>/dev/null; then
# If the user continues, firewalld will be installed and enabled during setup if [[ "$os" == "centos" || "$os" == "fedora" ]]; then
if [[ "$os" == "centos" || "$os" == "fedora" ]] && ! systemctl is-active --quiet firewalld.service; then firewall="firewalld"
echo # We don't want to silently enable firewalld, so we give a subtle warning
echo "firewalld, which is required to manage routing tables, will also be installed." # If the user continues, firewalld will be installed and enabled during setup
echo
echo "firewalld, which is required to manage routing tables, will also be installed."
elif [[ "$os" == "debian" || "$os" == "ubuntu" ]]; then
# iptables is way less invasive than firewalld so no warning is given
firewall="iptables"
fi
fi fi
echo echo
read -n1 -r -p "Press any key to continue..." read -n1 -r -p "Press any key to continue..."
@ -199,14 +205,16 @@ LimitNPROC=infinity" > /etc/systemd/system/openvpn-server@server.service.d/disab
fi fi
if [[ "$os" = "debian" || "$os" = "ubuntu" ]]; then if [[ "$os" = "debian" || "$os" = "ubuntu" ]]; then
apt-get update apt-get update
apt-get install -y openvpn iptables openssl ca-certificates apt-get install -y openvpn openssl ca-certificates $firewall
elif [[ "$os" = "centos" ]]; then elif [[ "$os" = "centos" ]]; then
yum install -y epel-release yum install -y epel-release
yum install -y openvpn firewalld openssl ca-certificates tar yum install -y openvpn openssl ca-certificates tar $firewall
systemctl enable --now firewalld.service
else else
# Else, OS must be Fedora # Else, OS must be Fedora
dnf install -y openvpn firewalld openssl ca-certificates tar dnf install -y openvpn openssl ca-certificates tar $firewall
fi
# If firewalld was just installed, enable it
if [[ "$firewall" == "firewalld" ]]; then
systemctl enable --now firewalld.service systemctl enable --now firewalld.service
fi fi
# Get easy-rsa # Get easy-rsa