From: <abe...@us...> - 2014-06-08 20:05:34
Revision: 6540
http://sourceforge.net/p/astlinux/code/6540
Author: abelbeck
Date: 2014-06-08 20:05:31 +0000 (Sun, 08 Jun 2014)
Log Message:
-----------
arnofw, add support for multiple 'Allow OpenVPN' LAN interfaces using OVPN_ALLOWLAN and OVPNC_ALLOWLAN
Modified Paths:
--------------
branches/1.0/package/arnofw/arnofw.wrapper
branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf
Modified: branches/1.0/package/arnofw/arnofw.wrapper
===================================================================
--- branches/1.0/package/arnofw/arnofw.wrapper 2014-06-05 17:04:44 UTC (rev 6539)
+++ branches/1.0/package/arnofw/arnofw.wrapper 2014-06-08 20:05:31 UTC (rev 6540)
@@ -1,27 +1,12 @@
#
# In this shim, we're invoked after /etc/arno-iptables-firewall/firewall.conf
# has been read. We then read /etc/rc.conf, and paste in variables from
-# the latter file that should override whatever values were configured in
-# firewall.conf. Reason being that it should be easy to swap between
-# arno-iptables-firewall and astfw (and back again) with fewer values to
-# reconfigure.
+# the latter file that will override whatever values were configured in
+# firewall.conf.
#
-# You could argue that this will be confusing, and I wouldn't disagree.
-#
-# Ideally, we should have the values in /etc/rc.conf and firewall.conf
-# converge... and possibly finalize on a single firewall project for
-# AstLinux.
-#
. /etc/rc.conf
-#
-# the attrocious logic below is to make sure that if INTIF='' and INT2IF=''
-# and INT3IF='', then INT_IF='' as well (and not a string of spaces).
-#
-# this is so that tests for [ -n "$INT_IF" ] do exactly what they should.
-#
-
isVPNtype()
{
# args: vpn_type
@@ -229,13 +214,18 @@
ovpnIF="$OVPN_DEV"
fi
addINTERNALnet "$ovpnIF" "$ovpnIP" "$ovpnNM"
- allowif="$(getLANinterface "$OVPN_ALLOWLAN")"
- if [ $? -eq 0 ]; then
- IFS=' ,'
- for intf in $INT_IF; do
- if [ "$intf" = "$allowif" ]; then
- IF_TRUSTS="$IF_TRUSTS${IF_TRUSTS:+|}$allowif $ovpnIF"
- break;
+ if [ -n "$OVPN_ALLOWLAN" ]; then
+ unset IFS
+ for lan in $OVPN_ALLOWLAN; do
+ allowif="$(getLANinterface "$lan")"
+ if [ $? -eq 0 ]; then
+ IFS=' ,'
+ for intf in $INT_IF; do
+ if [ "$intf" = "$allowif" ]; then
+ IF_TRUSTS="$IF_TRUSTS${IF_TRUSTS:+|}$allowif $ovpnIF"
+ break;
+ fi
+ done
fi
done
fi
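Review bot: The `IFS=' ,'` set inside the new `for lan in $OVPN_ALLOWLAN` loop is never reset, so the first `getLANinterface "$lan"` call runs with default splitting while every later call runs with IFS set to space and comma. `getLANinterface` is not visible here, but if it relies on word splitting, the second and later LAN names could resolve differently from the first, which matters because the result decides which interface pairs are appended to `IF_TRUSTS`. I would add `unset IFS` directly after the inner `done`, so each iteration and the code after the block see default splitting; the old code also left IFS modified, so first confirm nothing later depends on that. The `OVPNC_ALLOWLAN` hunk below repeats the same pattern, and the enclosing function starts and ends outside both hunks.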
@@ -256,13 +246,18 @@
ovpnIF="$OVPNC_DEV"
fi
addNOnatINTERNALnet "$ovpnIF" "$ovpnIP" "$ovpnNM"
- allowif="$(getLANinterface "$OVPNC_ALLOWLAN")"
- if [ $? -eq 0 ]; then
- IFS=' ,'
- for intf in $INT_IF; do
- if [ "$intf" = "$allowif" ]; then
- IF_TRUSTS="$IF_TRUSTS${IF_TRUSTS:+|}$allowif $ovpnIF"
- break;
+ if [ -n "$OVPNC_ALLOWLAN" ]; then
+ unset IFS
+ for lan in $OVPNC_ALLOWLAN; do
+ allowif="$(getLANinterface "$lan")"
+ if [ $? -eq 0 ]; then
+ IFS=' ,'
+ for intf in $INT_IF; do
+ if [ "$intf" = "$allowif" ]; then
+ IF_TRUSTS="$IF_TRUSTS${IF_TRUSTS:+|}$allowif $ovpnIF"
+ break;
+ fi
+ done
fi
done
fi
Modified: branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf
===================================================================
--- branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf 2014-06-05 17:04:44 UTC (rev 6539)
+++ branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf 2014-06-08 20:05:31 UTC (rev 6540)
@@ -596,8 +596,8 @@
#username1 password1
#username2 password2
#"
-## Allow OpenVPN Server tunnel to one LAN Interface, defaults to disallow
-## Use "INTIF" for 1st, "INT2IF" for 2nd, or "INT3IF" for 3rd Internal Interface
+## Allow OpenVPN Server tunnel to LAN Interface(s), defaults to disallow
+## Use "INTIF" for 1st, "INT2IF" for 2nd, or "INT3IF" for 3rd Internal Interface, space separated for multiple
#OVPN_ALLOWLAN="INTIF"
##
## Firewall Options, automatically supported via AIF openvpn-server plugin.
@@ -635,8 +635,8 @@
#OVPNC_USER_PASS="user pass"
## Define ns-cert-type if set
#OVPNC_NSCERTTYPE="server"
-## Allow OpenVPN Client tunnel to one LAN Interface, defaults to disallow
-## Use "INTIF" for 1st, "INT2IF" for 2nd, or "INT3IF" for 3rd Internal Interface
+## Allow OpenVPN Client tunnel to LAN Interface(s), defaults to disallow
+## Use "INTIF" for 1st, "INT2IF" for 2nd, or "INT3IF" for 3rd Internal Interface, space separated for multiple
#OVPNC_ALLOWLAN="INTIF"
## Racoon support - VPN above must include "racoon"