From 81fbd1a3b93b8ec7abc5af38e9ffa4fa492e3f74 Mon Sep 17 00:00:00 2001
From: Silvio Rhatto <rhatto@riseup.net>
Date: Thu, 3 Jan 2019 17:01:29 -0200
Subject: Provision: IPredator: firewall support

---
 share/provision/ipredator | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

(limited to 'share/provision/ipredator')

diff --git a/share/provision/ipredator b/share/provision/ipredator
index 8ceb348..ca762c9 100755
--- a/share/provision/ipredator
+++ b/share/provision/ipredator
@@ -29,7 +29,17 @@ APT_INSTALL="sudo LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y"
 # Provision the basic stuff
 $DIRNAME/vpn $HOSTNAME $DOMAIN $MIRROR
 
-# ipredator 
+# Firewall
+# See https://blog.ipredator.se/linux-firewall-howto.html
+$APT_INSTALL ferm ulogd2 ulogd2-pcap
+sudo cp $DIRNAME/files/ipredator/etc/ferm/ferm.conf /etc/ferm
+sudo cp $DIRNAME/files/ipredator/etc/udev/rules.d/81-vpn-firewall.rules /etc/udev/rules.d
+sudo cp $DIRNAME/files/ipredator/usr/local/bin/fermreload.sh /usr/local/bin
+sudo chmod 555 /usr/local/bin/fermreload.sh
+sudo sed -i -e 's/^ENABLED=.*$/ENABLED="yes"/' /etc/default/ferm
+sudo service ferm restart
+
+# IPredator 
 # See https://www.ipredator.se/guide/openvpn/debian/native
 sudo cp $DIRNAME/files/ipredator/etc/openvpn/ipredator.conf /etc/openvpn
 sudo touch /etc/openvpn/ipredator.auth
-- 
cgit v1.2.3