Last active
February 11, 2021 20:39
-
-
Save viertelb/8129185ef44706efe9ded4b7f647650a to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Set our rules so the debian-transmission user group can only route through the vpn | |
| # https://askubuntu.com/questions/37412/how-can-i-ensure-transmission-traffic-uses-a-vpn | |
| sudo apt-get install iptables | |
| sudo apt-get install iptables-persistent | |
| sudo apt-get install transmission-cli | |
| sudo apt-get install transmission-daemon | |
| iptables -F | |
| NET=192.168.100.0/24 | |
| GROUP=debian-transmission | |
| IFACE_INTERNAL=eth0 | |
| IFACE_VPN=tun0 | |
| ALLOW_PORT_FROM_LOCAL=9091 | |
| iptables -A OUTPUT -d $NET -p tcp --sport $ALLOW_PORT_FROM_LOCAL -m owner --gid-owner $GROUP -o $IFACE_INTERNAL -j ACCEPT | |
| iptables -A OUTPUT -d $NET -p udp --sport $ALLOW_PORT_FROM_LOCAL -m owner --gid-owner $GROUP -o $IFACE_INTERNAL -j ACCEPT | |
| iptables -A OUTPUT -m owner --gid-owner $GROUP -o $IFACE_VPN -j ACCEPT | |
| iptables -A OUTPUT -m owner --gid-owner $GROUP -o lo -j ACCEPT | |
| iptables -A OUTPUT -m owner --gid-owner $GROUP -j REJECT | |
| # not needed - but added these to properly track data to these interfaces....when using iptables -L -v | |
| iptables -A INPUT -i $IFACE_VPN -j ACCEPT | |
| iptables -A INPUT -i $IFACE_INTERNAL -j ACCEPT | |
| iptables -A INPUT -i lo -j ACCEPT | |
| # track any forward (NAT) data for completeness - don't care about interfaces | |
| iptables -A FORWARD | |
| iptables -L -v | |
| echo "*********************************************" | |
| echo "do: sudo dpkg-reconfigure iptables-persistent" | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment