mirror of
https://github.com/zyclonite/zerotier-docker.git
synced 2025-01-23 21:48:35 +01:00
fixed identation and make status default command
This commit is contained in:
System Administrator
parent
a747348477
commit
dd6b3538d6
@ -13,21 +13,21 @@ IPTABLES_CMD=iptables-legacy
|
||||
ZT_IFACE="zt+"
|
||||
|
||||
# function to add and remove the requisite rules
|
||||
# - $1 is either "A" (add) or "D" (delete)
|
||||
# - $1 is either "I" (insert), "A" (add) or "D" (delete)
|
||||
# - $2 is requested mode
|
||||
_update_iptables() {
|
||||
local action
|
||||
case "${1}" in
|
||||
"I" )
|
||||
action="Inserting"
|
||||
;;
|
||||
"I" )
|
||||
action="Inserting"
|
||||
;;
|
||||
"A" )
|
||||
action="Adding"
|
||||
;;
|
||||
"D" )
|
||||
action="Deleting"
|
||||
;;
|
||||
esac
|
||||
action="Adding"
|
||||
;;
|
||||
"D" )
|
||||
action="Deleting"
|
||||
;;
|
||||
esac
|
||||
|
||||
case "${2}" in
|
||||
"inbound" )
|
||||
@ -38,7 +38,7 @@ _update_iptables() {
|
||||
${IPTABLES_CMD} -${1} FORWARD -i ${PHY_IFACE} -o ${ZT_IFACE} -m state --state RELATED,ESTABLISHED -j ACCEPT
|
||||
${IPTABLES_CMD} -${1} FORWARD -i ${ZT_IFACE} -o ${PHY_IFACE} -j ACCEPT
|
||||
done
|
||||
;;
|
||||
;;
|
||||
"outbound" )
|
||||
echo "${action} ${IPTABLES_CMD} rules for outbound traffic (local interfaces ${PHY_IFACES} to ZeroTier)"
|
||||
${IPTABLES_CMD} -t nat -${1} POSTROUTING -o ${ZT_IFACE} -j MASQUERADE
|
||||
@ -71,11 +71,11 @@ _get_current_mode() {
|
||||
|
||||
if [ -n "$( ${IPTABLES_CMD} -S -t nat 2> /dev/null | grep "\-o ${ZT_IFACE}" )" ]; then
|
||||
#either outbound or both
|
||||
if [ -n "$( ${IPTABLES_CMD} -S | grep "\-i ${ZT_IFACE}.*RELATED" )" ]; then
|
||||
echo "outbound"
|
||||
else
|
||||
echo "both"
|
||||
fi
|
||||
if [ -n "$( ${IPTABLES_CMD} -S | grep "\-i ${ZT_IFACE}.*RELATED" )" ]; then
|
||||
echo "outbound"
|
||||
else
|
||||
echo "both"
|
||||
fi
|
||||
elif [ -n "$( ${IPTABLES_CMD} -S | grep "\-i ${ZT_IFACE}.*ACCEPT" )" ]; then
|
||||
echo "inbound"
|
||||
elif [ -n "$( ${IPTABLES_CMD} -S | grep "\-i ${ZT_IFACE}.*DROP" )" ]; then
|
||||
@ -87,16 +87,16 @@ _get_current_mode() {
|
||||
|
||||
|
||||
_usage() {
|
||||
echo "Usage: $0 inbound | outbound | both | none | disable | status"
|
||||
echo "Usage: $0 [inbound | outbound | both | none | disable | status]"
|
||||
echo "Set, query or disable gateway mode."
|
||||
echo ""
|
||||
echo "Commands:"
|
||||
echo "Command:"
|
||||
echo " inbound Only permit traffic from the ZeroTier cloud to the local physical interfaces."
|
||||
echo " outbound Only permit traffic from the local physical interfaces to the ZeroTier cloud."
|
||||
echo " both Permit bi-directional traffic between the local physical interfaces and the ZeroTier cloud."
|
||||
echo " none Block all traffic between the local physical interfaces and the ZeroTier cloud."
|
||||
echo " disable Remove iptable rules. NOTE: because default forward rule is accept, this behaves like \"both\"."
|
||||
echo " status Show current gateway mode (e.g. inbound, outbound, etc)"
|
||||
echo " status Show current gateway mode (e.g. inbound, outbound, etc). Default if no command specified."
|
||||
echo ""
|
||||
exit $1
|
||||
}
|
||||
@ -110,62 +110,61 @@ main() {
|
||||
"inbound" )
|
||||
if [ ${mode} == "inbound" ]; then
|
||||
echo "Already in mode inbound."
|
||||
break
|
||||
break
|
||||
fi
|
||||
if [ ! ${mode} == "disabled" ]; then
|
||||
_update_iptables D ${mode}
|
||||
fi
|
||||
_update_iptables I inbound
|
||||
if [ ! ${mode} == "disabled" ]; then
|
||||
_update_iptables D ${mode}
|
||||
fi
|
||||
_update_iptables I inbound
|
||||
;;
|
||||
"outbound" )
|
||||
if [ ${mode} == "outbound" ] ; then
|
||||
echo "Already in mode outbound."
|
||||
break
|
||||
break
|
||||
fi
|
||||
if [ ! ${mode} == "disabled" ]; then
|
||||
_update_iptables D ${mode}
|
||||
fi
|
||||
_update_iptables I outbound
|
||||
if [ ! ${mode} == "disabled" ]; then
|
||||
_update_iptables D ${mode}
|
||||
fi
|
||||
_update_iptables I outbound
|
||||
;;
|
||||
"both" )
|
||||
if [ ${mode} == "both" ]; then
|
||||
echo "Already in mode both."
|
||||
break
|
||||
break
|
||||
fi
|
||||
if [ ! ${mode} == "disabled" ]; then
|
||||
_update_iptables D ${mode}
|
||||
fi
|
||||
_update_iptables I both
|
||||
if [ ! ${mode} == "disabled" ]; then
|
||||
_update_iptables D ${mode}
|
||||
fi
|
||||
_update_iptables I both
|
||||
;;
|
||||
"none" )
|
||||
if [ ${mode} == "none" ]; then
|
||||
echo "Already in mode none."
|
||||
break
|
||||
break
|
||||
fi
|
||||
if [ ! ${mode} == "disabled" ]; then
|
||||
_update_iptables D ${mode}
|
||||
fi
|
||||
_update_iptables I none
|
||||
if [ ! ${mode} == "disabled" ]; then
|
||||
_update_iptables D ${mode}
|
||||
fi
|
||||
_update_iptables I none
|
||||
;;
|
||||
"disable" )
|
||||
if [ ${mode} == "disabled" ]; then
|
||||
echo "Already disabled."
|
||||
break
|
||||
break
|
||||
fi
|
||||
if [ ! ${mode} == "disabled" ]; then
|
||||
_update_iptables D ${mode}
|
||||
fi
|
||||
if [ ! ${mode} == "disabled" ]; then
|
||||
_update_iptables D ${mode}
|
||||
fi
|
||||
;;
|
||||
"status" )
|
||||
echo ${mode}
|
||||
;;
|
||||
"" )
|
||||
echo "Please specify a valid argument."
|
||||
_usage 0
|
||||
echo ${mode}
|
||||
;;
|
||||
* )
|
||||
echo "Warning: Gateway mode (${1}) is not supported - ignored"
|
||||
return 1
|
||||
return 1
|
||||
;;
|
||||
esac
|
||||
return 0
|
||||
|
||||
Loading…
Reference in New Issue
Block a user