From 6c8d381b154b1b8e5294741630ec4faf0c368d59 Mon Sep 17 00:00:00 2001
From: Matthew Saunders Brown
Date: Mon, 15 Mar 2021 11:02:28 -0700
Subject: [PATCH] force ufw enable, hide dnsmasq install startup failure

---
 wg-install.sh | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/wg-install.sh b/wg-install.sh
index cd66dd8..cceaa2f 100755
--- a/wg-install.sh
+++ b/wg-install.sh
@@ -39,6 +39,8 @@ if [ -d /etc/dnsmasq.d ]; then
   exit 1
 fi
 
+# check for / set hostname
+
 # assumes a single IP on a /24 subnet is provisioned on the server
 # you can change this to fit your network, or just set to a specific IP
 # used by wireguard for vpn connections & stubby for DNS queries
@@ -120,6 +122,14 @@ wget --output-document=/usr/local/etc/hosts https://raw.githubusercontent.com/St
 # dnsmasq will use adware + malware hosts file
 # and listen on wireguard server private lan IP
 # can be used by clients for adblocking
+
+# create temporary policy-rc.d to stop dnsmasq from starting during install
+# otherwise dnsmasq will fail to start due to ports in use and will show
+# errors. not really a problem as later config resoves this, but the errors
+# may cause concer for users running the install
+install -m 755 /dev/null /usr/sbin/policy-rc.d
+echo '#!/bin/sh' > /usr/sbin/policy-rc.d
+echo 'exit 101' >> /usr/sbin/policy-rc.d
 apt -y install dnsmasq
 echo "domain-needed" > /etc/dnsmasq.d/local.conf
 echo "bogus-priv" >> /etc/dnsmasq.d/local.conf
@@ -134,6 +144,8 @@ echo "no-negcache" >> /etc/dnsmasq.d/local.conf
 echo "listen-address=10.96.0.1" >> /etc/dnsmasq.d/local.conf
 echo "no-dhcp-interface=10.96.0.1" >> /etc/dnsmasq.d/local.conf
 echo "bind-interfaces" >> /etc/dnsmasq.d/local.conf
+# remove temporary policy-rc.d
+rm -f /usr/sbin/policy-rc.d
 systemctl restart dnsmasq.service
 
 # install and configure ufw firewall
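Review bot: The added `# check for / set hostname` in the first hunk opens a section that contains no code, so a reader will look for a hostname check that the script does not perform. Either add the check or mark the line as pending, e.g. `# TODO: check for / set hostname`, so it is not read as documentation of existing behaviour.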
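Review bot: The temporary `/usr/sbin/policy-rc.d` written before `apt -y install dnsmasq` is only removed by the `rm -f` in the following hunk, so if apt fails or the script is interrupted in between, the file stays behind and every later package install on the host will silently skip starting its services (invoke-rc.d treats exit 101 as "do not start"). Register the cleanup at creation time, `trap 'rm -f /usr/sbin/policy-rc.d' EXIT`, directly after the two `echo` lines, unless the script already installs an EXIT trap elsewhere, and keep the explicit `rm -f` for the normal path. The `install` line also overwrites any policy-rc.d that is already present on the host (some container base images ship one), which the later `rm -f` then deletes for good; if that case matters, skip the whole block when `[ -e /usr/sbin/policy-rc.d ]`. The new comment block also misspells "resolves" and "concern".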
@@ -166,7 +178,7 @@ echo >> /etc/ufw/before.rules
 echo "# End each table with the 'COMMIT' line or these rules won't be processed" >> /etc/ufw/before.rules
 echo "COMMIT" >> /etc/ufw/before.rules
 
-ufw enable
+ufw --force enable
 
 # install & configure wireguard
 apt -y install net-tools wireguard wireguard-tools qrencode
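Review bot: `ufw --force enable` removes the interactive prompt that warns about disrupting existing SSH sessions, which is the right form for an unattended installer, but it also means nothing now stops the firewall from coming up without an SSH allow rule; if the script does not already run `ufw allow` for the SSH port earlier (not visible in this hunk), enabling on a remote host can cut off the session running the install. Confirm that rule is added before this line, or add `ufw allow OpenSSH` (or the port actually in use) immediately before `ufw --force enable`. A short comment such as `# --force: non-interactive; SSH allow rule must already be present` would make the precondition explicit for future edits.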