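#!/bin/sh
#
# simple firewall vpn natting
# /etc/systemd/system/my-fw_ovpn-sh.service
# /etc/systemd/system/multi-user.target.wants/my-fw_ovpn-sh.service
#
# Turns on IPv4 forwarding, resets the filter, nat and mangle tables, and
# source-NATs every OpenVPN subnet listed below to $GWVPN when its traffic
# leaves through eth0.
#
# NOTE(review): this script performs NAT only. INPUT, FORWARD and OUTPUT are
# all left at policy ACCEPT and no filter rules are added, so with forwarding
# enabled the host will route any packet it is handed, including traffic
# between the VPN subnets themselves. If segmentation between VPN clients or
# towards the LAN is expected, it has to be enforced elsewhere - confirm.
# Only IPv4 (iptables) is touched; ip6tables state is left as it was.

# Stop at the first failing command or unset variable so that a half-applied
# ruleset makes the systemd unit fail instead of being reported as success.
set -eu

#cert
VPN1194=172.17.99.0/24 #client pc
VPN1195=172.17.97.0/24 #mobile
VPN443=172.17.98.0/24  #https
#ptp
VPN5001=172.31.1.0/24
VPN5002=172.31.98.0/24
VPN5003=172.31.3.0/24

# Address that all VPN traffic is rewritten to on the way out of eth0.
GWVPN=192.168.99.105

echo "Bash OpenVPN rule....."

# Enable routing between interfaces (needs root; fails the script otherwise).
echo 1 > /proc/sys/net/ipv4/ip_forward

# START:

# Table cleanup. This discards every rule already present in the three
# tables, including rules installed by other software on the host.
# -X without -t only deletes user-defined chains of the filter table; chains
# in nat and mangle are flushed but not removed.
iptables -F
iptables -F -t nat
iptables -F -t mangle
iptables -X

# Table policies (default verdict when no rule matches): accept everything.
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

# OpenVPN NAT rules: one SNAT rule per VPN subnet, appended in listed order.
for vpn_net in \
  "$VPN1194" "$VPN1195" "$VPN443" \
  "$VPN5001" "$VPN5002" "$VPN5003"; do
  iptables -t nat -A POSTROUTING -o eth0 -s "$vpn_net" -j SNAT --to-source "$GWVPN"
done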