From f53fb1ed6e3c2786e7dcb92d77a573095af6bfe9 Mon Sep 17 00:00:00 2001
From: bedefaced
Date: Sat, 26 Aug 2017 16:34:04 +0300
Subject: [PATCH] default reject rules removing
---
 ipsec/iptables-setup.sh | 3 +++
 openvpn/iptables-setup.sh | 4 ++++
 pptp/iptables-setup.sh | 13 +++++--------
 3 files changed, 12 insertions(+), 8 deletions(-)
diff --git a/ipsec/iptables-setup.sh b/ipsec/iptables-setup.sh
index a8a8fb6..24b2e96 100755
--- a/ipsec/iptables-setup.sh
+++ b/ipsec/iptables-setup.sh
@@ -98,6 +98,9 @@ eval iptables -A OUTPUT -p esp -j ACCEPT $COMMENT
 eval iptables -A INPUT -p ah -j ACCEPT $COMMENT
 eval iptables -A OUTPUT -p ah -j ACCEPT $COMMENT
+# remove standart REJECT rules
+iptables -D INPUT -j REJECT --reject-with icmp-host-prohibited
+iptables -D FORWARD -j REJECT --reject-with icmp-host-prohibited
 iptables-save | awk '($0 !~ /^-A/)||!($0 in a) {a[$0];print}' > $IPTABLES
 iptables -F
diff --git a/openvpn/iptables-setup.sh b/openvpn/iptables-setup.sh
index ca9e6df..4a81dcf 100755
--- a/openvpn/iptables-setup.sh
+++ b/openvpn/iptables-setup.sh
@@ -85,6 +85,10 @@ eval iptables -A OUTPUT -o tun+ -j ACCEPT $COMMENT
 eval iptables -A INPUT -p udp -m udp --dport 1194 -j ACCEPT $COMMENT
 eval iptables -A OUTPUT -p udp -m udp --sport 1194 -j ACCEPT $COMMENT
+# remove standart REJECT rules
+iptables -D INPUT -j REJECT --reject-with icmp-host-prohibited
+iptables -D FORWARD -j REJECT --reject-with icmp-host-prohibited
+
 iptables-save | awk '($0 !~ /^-A/)||!($0 in a) {a[$0];print}' > $IPTABLES
 iptables -F
 iptables-restore < $IPTABLES
diff --git a/pptp/iptables-setup.sh b/pptp/iptables-setup.sh
index ca21772..137f4a3 100755
--- a/pptp/iptables-setup.sh
+++ b/pptp/iptables-setup.sh
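Review bot: The two `-D` lines remove the catch-all REJECT from INPUT and FORWARD but nothing re-adds it, and the `iptables-save` on the following line persists that state; with the ACCEPT chain policy that normally accompanies this `--reject-with icmp-host-prohibited` ruleset, every packet the earlier ACCEPT rules do not match is now let through instead of rejected, so both the host and forwarded VPN traffic lose their default-deny. The same block is added in openvpn/iptables-setup.sh and pptp/iptables-setup.sh. If the intent is only to get the appended VPN ACCEPT rules ahead of the REJECT, re-append the catch-all after deleting it, `iptables -A INPUT -j REJECT --reject-with icmp-host-prohibited` and `iptables -A FORWARD -j REJECT --reject-with icmp-host-prohibited` immediately before the `iptables-save` line (or set an explicit `iptables -P INPUT DROP` policy before saving). `-D` also exits non-zero when the rule is absent, which would abort the script on a host without that default ruleset if the script or anything it sources enables `set -e`; a commented `2>/dev/null || true` makes the removal best-effort. The comment should read `# remove standard REJECT rules`.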
@@ -3,13 +3,6 @@ DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
 source $DIR/env.sh
-if [ "$PLATFORM" == "$CENTOSPLATFORM" ]; then
- systemctl enable iptables
- systemctl stop firewalld
- systemctl disable firewalld
- systemctl start iptables
-fi
-
 COMMENT=" -m comment --comment \"PPTP\""
 if [[ ! -e $IPTABLES ]]; then
@@ -35,7 +28,7 @@ done
 # detect default gateway interface
 echo "Found next network interfaces:"
-ifconfig -a | sed 's/[: \t].*//;/^\(lo\|\)$/d'
+ifconfig -a | sed 's/[ \t].*//;/^\(lo\|\)$/d'
 echo
 GATE=$(route | grep '^default' | grep -o '[^ ]*$')
 read -p "Enter your external network interface: " -i $GATE -e GATE
@@ -82,6 +75,10 @@ eval iptables -A OUTPUT -p tcp -m tcp --sport 1723 -j ACCEPT $COMMENT
 eval iptables -A INPUT -p gre -j ACCEPT $COMMENT
 eval iptables -A OUTPUT -p gre -j ACCEPT $COMMENT
+# remove standart REJECT rules
+iptables -D INPUT -j REJECT --reject-with icmp-host-prohibited
+iptables -D FORWARD -j REJECT --reject-with icmp-host-prohibited
+
 iptables-save | awk '($0 !~ /^-A/)||!($0 in a) {a[$0];print}' > $IPTABLES
 iptables -F
 iptables-restore < $IPTABLES
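Review bot: Dropping `:` from the sed character class in the second hunk changes what the interface listing prints on hosts whose `ifconfig -a` uses the newer `eth0: flags=...` header layout: the name is now cut at the first blank, so each entry keeps a trailing colon (`eth0:`) and `lo:` no longer matches the `/^\(lo\|\)$/d` filter, whereas the old pattern handled both the old and the new layout. If the change is meant to keep alias names such as `eth0:0` visible, strip only a trailing colon before the delete: `ifconfig -a | sed 's/[ \t].*//;s/:$//;/^\(lo\|\)$/d'`. This presumably affects only what the prompt shows, since the default interface itself comes from `route` on the `GATE=` line, but the listing is what the operator uses to decide which name to type.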