/sbin/iptables -A INPUT -i $GREEN_DEV -m state --state NEW -j ACCEPT -p ! icmp
/sbin/iptables -A FORWARD -i $GREEN_DEV -m state --state NEW -j ACCEPT
- # If a host on orange tries to initiate a connection to IPCop's red IP and
+ # If a host on orange tries to initiate a connection to IPFire's red IP and
# the connection gets DNATed back through a port forward to a server on orange
- # we end up with orange -> orange traffic passing through IPCop
+ # we end up with orange -> orange traffic passing through IPFire
[ "$ORANGE_DEV" != "" ] && /sbin/iptables -A FORWARD -i $ORANGE_DEV -o $ORANGE_DEV -m state --state NEW -j ACCEPT
# accept all traffic from ipsec interfaces
/sbin/iptables -t nat -A POSTROUTING -m mark --mark 3 -j SNAT --to-source $ORANGE_ADDRESS
fi
+ # run openvpn
+ /usr/local/bin/openvpnctrl --create-chains-and-rules
# run local firewall configuration, if present
if [ -x /etc/rc.d/rc.firewall.local ]; then
/sbin/iptables -A INPUT -p udp --source-port 67 --destination-port 68 -i $IFACE -j ACCEPT
fi
+ # stop openvpn
+ /usr/local/bin/openvpnctrl --delete-chains-and-rules
+
# run local firewall configuration, if present
if [ -x /etc/rc.d/rc.firewall.local ]; then
/etc/rc.d/rc.firewall.local stop