[redsocks] Always exclude boot server

author: Simon Rettberg 2018-10-02 16:57:25 +0200
committer: Simon Rettberg 2018-10-02 16:57:25 +0200
commit: 0201256507355a8e2a7320b037f59fb4cbc270ee (patch)
tree: b530cecf3aa83fa2b3b68e7ced62e4161bf416e1 /core/modules/redsocks
parent: [redocks] HIRN AN! (diff)
download: mltk-0201256507355a8e2a7320b037f59fb4cbc270ee.tar.gz
mltk-0201256507355a8e2a7320b037f59fb4cbc270ee.tar.xz
mltk-0201256507355a8e2a7320b037f59fb4cbc270ee.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/core/modules/redsocks/data/opt/openslx/scripts/systemd-setup_proxy b/core/modules/redsocks/data/opt/openslx/scripts/systemd-setup_proxy
index 94135bc3..68501f20 100755
--- a/core/modules/redsocks/data/opt/openslx/scripts/systemd-setup_proxy
+++ b/core/modules/redsocks/data/opt/openslx/scripts/systemd-setup_proxy
@@ -61,6 +61,11 @@ iptables -t nat -A REDSOCKS -d 224.0.0.0/4 -j RETURN
 iptables -t nat -A REDSOCKS -d 240.0.0.0/4 -j RETURN
 HEREDOCBROWN
 
+if [ -n "$SLX_PXE_SERVER_IP" ]; then
+	# Exclude boot server; we wouldn't be here if it weren't reachable directly
+	echo "iptables -t nat -A REDSOCKS -d '$SLX_PXE_SERVER_IP' -j RETURN" >> "$tfile"
+fi
+
 if [ -n "$SLX_PROXY_BLACKLIST" ]; then
 	for ADDR in $SLX_PROXY_BLACKLIST; do
 		echo "iptables -t nat -A REDSOCKS -d '$ADDR'-j RETURN"
author	Simon Rettberg	2018-10-02 16:57:25 +0200
committer	Simon Rettberg	2018-10-02 16:57:25 +0200
commit	0201256507355a8e2a7320b037f59fb4cbc270ee (patch)
tree	b530cecf3aa83fa2b3b68e7ced62e4161bf416e1 /core/modules/redsocks
parent	[redocks] HIRN AN! (diff)
download	mltk-0201256507355a8e2a7320b037f59fb4cbc270ee.tar.gz mltk-0201256507355a8e2a7320b037f59fb4cbc270ee.tar.xz mltk-0201256507355a8e2a7320b037f59fb4cbc270ee.zip