Merge pull request #7 from vpnarea/ab77/operational

fix: use iptables-legacy
vpnarea · Oct 1, 2022 · 7749e14 · 7749e14
2 parents 9e2a16f + c6d6b08
commit 7749e14
Show file tree

Hide file tree

Showing 4 changed files with 16 additions and 14 deletions.
diff --git a/unzoner/functions b/unzoner/functions
@@ -20,17 +20,17 @@ function ipt_add_rule() {
     action=${2}
     rule="${3}"
     log """add: af=4 table=\'${table}\' action=\'${action}\' rule=\'${rule}\'"""
-    eval /sbin/iptables --wait -t ${table} -C ${rule} > /dev/null 2>&1\
-     || eval /sbin/iptables --wait -t ${table} -${action} ${rule} || true
+    eval ip4tables --wait -t ${table} -C ${rule} > /dev/null 2>&1\
+     || eval ip4tables --wait -t ${table} -${action} ${rule} || true
 }
 
 
 function ipt_del_rule() {
     table=${1}
     rule="${2}"
     log """del: af=4 table=\'${table}\' rule=\'${rule}\'"""
-    eval /sbin/iptables --wait -t ${table} -C ${rule} > /dev/null 2>&1\
-      && eval /sbin/iptables --wait -t ${table} -D ${rule} || true
+    eval ip4tables --wait -t ${table} -C ${rule} > /dev/null 2>&1\
+      && eval ip4tables --wait -t ${table} -D ${rule} || true
 }
 
 
@@ -39,17 +39,17 @@ function ip6t_add_rule() {
     action=${2}
     rule="${3}"
     log """add: af=6 table=\'${table}\' action=\'${action}\' rule=\'${rule}\'"""
-    eval /sbin/ip6tables --wait -t ${table} -C ${rule} > /dev/null 2>&1\
-     || eval /sbin/ip6tables --wait -t ${table} -${action} ${rule} || true
+    eval ip6tables --wait -t ${table} -C ${rule} > /dev/null 2>&1\
+     || eval ip6tables --wait -t ${table} -${action} ${rule} || true
 }
 
 
 function ip6t_del_rule() {
     table=${1}
     rule="${2}"
     log """del: af=6 table=\'${table}\' rule=\'${rule}\'"""
-    eval /sbin/ip6tables --wait -t ${table} -C ${rule} > /dev/null 2>&1\
-      && eval /sbin/ip6tables --wait -t ${table} -D ${rule} || true
+    eval ip6tables --wait -t ${table} -C ${rule} > /dev/null 2>&1\
+      && eval ip6tables --wait -t ${table} -D ${rule} || true
 }
 
 

diff --git a/unzoner/scripts/server-down.sh b/unzoner/scripts/server-down.sh
@@ -11,9 +11,9 @@ log "server-down: \$0=$0 \$1=$1 \$2=$2 \$3=$3 \$5=$4 \$5=$5 \$6=$6 \$7=$7 \$8=$8
 
 log 'removing ipv4 rules...'
 if [[ ! "${TCP_PORTS}" == "#" ]] && [[ ! "${UDP_PORTS}" == "#" ]]; then
-    with_backoff iptables --wait -P FORWARD ACCEPT
+    with_backoff ip4tables --wait -P FORWARD ACCEPT
 else
-    with_backoff iptables --wait -P FORWARD ACCEPT
+    with_backoff ip4tables --wait -P FORWARD ACCEPT
 fi
 
 for proto in ${TUN_PROTO}; do

diff --git a/unzoner/scripts/server-up.sh b/unzoner/scripts/server-up.sh
@@ -17,9 +17,9 @@ ip link set dev ${1} mtu ${LINK_MTU_SERVER}
 
 log 'adding ipv4 rules...'
 if [[ ! "${TCP_PORTS}" == "#" ]] && [[ ! "${UDP_PORTS}" == "#" ]]; then
-    with_backoff iptables --wait -P FORWARD DROP
+    with_backoff ip4tables --wait -P FORWARD DROP
 else
-    with_backoff iptables --wait -P FORWARD ACCEPT
+    with_backoff ip4tables --wait -P FORWARD ACCEPT
 fi
 
 for proto in ${TUN_PROTO}; do

diff --git a/unzoner/start b/unzoner/start
@@ -90,7 +90,7 @@ declare -x WANPROXY_PORT=${WANPROXY_PORT:-3300}
 declare -x SOCAT_PORT=${SOCAT_PORT:-3302}
 declare -x UPNP_TCP_PORT_FORWARD=${UPNP_TCP_PORT_FORWARD:-${OPENVPN_PORT} ${STUNNEL_PORT} ${SOCAT_PORT}}
 declare -x UPNP_UDP_PORT_FORWARD=${UPNP_UDP_PORT_FORWARD:-${OPENVPN_PORT}}
-declare -x IPASN_DB=${IPASN_DB:-ipasn_20170201.1600.dat.gz}
+declare -x IPASN_DB=${IPASN_DB:-https://s3.eu-central-1.amazonaws.com/belodetech/ipasn_20220910.2242.dat.gz}
 declare -x AUTH=${AUTH:-none}
 declare -x CIPHER=${CIPHER:-none}
 declare -x CLIENT_CERT=${CLIENT_CERT:-0}
@@ -242,7 +242,9 @@ fi
 
 log 'creating iptables command aliases...'
 cat << EOF > /root/.aliases
-alias ip4tables=iptables
+alias iptables=iptables-legacy
+alias ip4tables=iptables-legacy
+alias ip6tables=ip6tables-legacy
 alias ip4tables-save=iptables-save
 alias ip4tables-restore=iptables-restore
 EOF