From 9a141a377ef6e9cc5f6c6b2ae225b42d47f3a11c Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)"
Date: Wed, 10 Jan 2024 17:39:45 +0100
Subject: [PATCH] Add nftables support to OpenMPTCProuter-VPS for server VPN
---
 .../files/etc/init.d/openmptcprouter-vps | 21 +++++++++++--------
 1 file changed, 12 insertions(+), 9 deletions(-)
diff --git a/openmptcprouter/files/etc/init.d/openmptcprouter-vps b/openmptcprouter/files/etc/init.d/openmptcprouter-vps
index 6b8c127c2..b1af71ac8 100755
--- a/openmptcprouter/files/etc/init.d/openmptcprouter-vps
+++ b/openmptcprouter/files/etc/init.d/openmptcprouter-vps
@@ -10,13 +10,13 @@ EXTRA_COMMANDS="set_pihole backup_send backup_get backup_list set_vps_firewall g
 . /usr/lib/unbound/iptools.sh
-if [ -f /usr/sbin/iptables-legacy ]; then
- IPTABLES="/usr/sbin/iptables-legacy"
- IPTABLESRESTORE="/usr/sbin/iptables-legacy-restore"
- IPTABLESSAVE="/usr/sbin/iptables-legacy-save"
- IP6TABLES="/usr/sbin/ip6tables-legacy"
- IP6TABLESRESTORE="/usr/sbin/ip6tables-legacy-restore"
- IP6TABLESSAVE="/usr/sbin/ip6tables-legacy-save"
+if [ -e /usr/sbin/iptables-nft ]; then
+ IPTABLES="/usr/sbin/iptables-nft"
+ IPTABLESRESTORE="/usr/sbin/iptables-nft-restore"
+ IPTABLESSAVE="/usr/sbin/iptables-nft-save"
+ IP6TABLES="/usr/sbin/ip6tables-nft"
+ IP6TABLESRESTORE="/usr/sbin/ip6tables-nft-restore"
+ IP6TABLESSAVE="/usr/sbin/ip6tables-nft-save"
 else
 IPTABLES="/usr/sbin/iptables"
 IPTABLESRESTORE="/usr/sbin/iptables-restore"
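Review bot: The new guard checks only that `/usr/sbin/iptables-nft` exists, but the branch then sets six tool paths (the ip6tables and the -restore/-save variants) that are never checked, and `-e` also accepts a non-executable file. A tighter test would be `if [ -x /usr/sbin/iptables-nft ] && [ -x /usr/sbin/ip6tables-nft ]; then`. Dropping the iptables-legacy preference also means that on a host whose rules were loaded through the legacy backend, those rules are no longer the ones this script saves, restores or flushes. Whether that migration is handled elsewhere is not visible in this hunk, so a short comment above the `if` stating the assumption would help. The if/else block continues past the end of the hunk.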
@@ -947,8 +947,11 @@ _set_lan_ip() {
 _set_bypass_ips() {
 local settings
 [ -z "$servername" ] && servername=$1
- bypassipv4s=$(ipset -q -o save list omr_dst_bypass_srv_vpn1 | awk '/add/ NF {print "\""$3"\""}' | tr '\n' ',' | sed 's/,$//')
- bypassipv6s=$(ipset -q -o save list omr6_dst_bypass_srv_vpn1 | awk '/add/ NF {print "\""$3"\""}' | tr '\n' ',' | sed 's/,$//')
+ bypassipv4s=$(ipset -q -o save list omr_dst_bypass_srv_vpn1_4 | awk '/add/ NF {print "\""$3"\""}' | tr '\n' ',' | sed 's/,$//')
+ [ -z "$bypassipvs4" ] && bypassipv4s=$(nft -j list set inet fw4 "omr_dst_bypass_srv_vpn1_4" | jsonfilter -e @.nftables[1].set.elem[*].prefix | awk '{gsub(/"/,"",$3);gsub(/,/,"/",$3); print $3 $5}')
+ bypassipv6s=$(ipset -q -o save list omr6_dst_bypass_srv_vpn1_6 | awk '/add/ NF {print "\""$3"\""}' | tr '\n' ',' | sed 's/,$//')
+ [ -z "$bypassipvs6" ] && bypassipv4s=$(nft -j list set inet fw4 "omr_dst_bypass_srv_vpn1_6" | jsonfilter -e @.nftables[1].set.elem[*].prefix | awk '{gsub(/"/,"",$3);gsub(/,/,"/",$3); print $3 $5}')
+ # "
 if [ "$bypassipv4s" != "" ] || [ "$bypassipv6s" != "" ]; then
 settings='{"ipv4s" : ['$bypassipv4s'],"ipv6s" : ['$bypassipv6s'],"intf" : "vpn1"}'
 result=$(_set_json "bypass" "$settings")
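Review bot: Both added nft fallback lines test a misspelled variable, and the second one assigns to the wrong target: `[ -z "$bypassipvs4" ]` and `[ -z "$bypassipvs6" ]` name variables this hunk never sets, so the guards are presumably always true, and the IPv6 fallback stores its result in `bypassipv4s`. As written, the nft output replaces whatever ipset returned, the IPv6 set contents land in the `ipv4s` field passed to `_set_json "bypass"`, and `bypassipv6s` never receives nft data, so the bypass list sent to the server can differ from the configured policy. The guards should read `[ -z "$bypassipv4s" ] && bypassipv4s=$(nft …)` and `[ -z "$bypassipv6s" ] && bypassipv6s=$(nft …)`. The nft branch's awk also strips the quotes and prints the values without separators, while the ipset branch produces quoted, comma-joined strings for the JSON array, so the fallback output likely needs the same quoting to keep `settings` valid JSON. The function body continues past the end of the hunk.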