From patchwork Sun Nov  7 17:40:00 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: [Openvpn-devel] Fix error in example firewall.sh script
X-Patchwork-Submitter: Frank Lichtenheld <frank@lichtenheld.com>
X-Patchwork-Id: 2063
Message-Id: <20211107174000.16210-1-frank@lichtenheld.com>
To: openvpn-devel@lists.sourceforge.net
Cc: Adrian <adrian.crespo@protonmail.com>
Date: Sun,  7 Nov 2021 18:40:00 +0100
From: Frank Lichtenheld <frank@lichtenheld.com>
List-Id: <openvpn-devel.lists.sourceforge.net>

From: Adrian <adrian.crespo@protonmail.com>

The man page says:
[!] -s, --source address[/mask][,...]

Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-By: David Sommerseth <davids@openvpn.net>
---
 sample/sample-config-files/firewall.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

As part of an initative to clean up the Github PR submissions, submitting
this patch to the mailing list for inclusion. Looks obviously correct to
me.

diff --git a/sample/sample-config-files/firewall.sh b/sample/sample-config-files/firewall.sh
index 19d75ee9..456700ca 100755
--- a/sample/sample-config-files/firewall.sh
+++ b/sample/sample-config-files/firewall.sh
@@ -50,7 +50,7 @@ iptables -A OUTPUT -p tcp --sport 137:139 -o eth0 -j DROP
 iptables -A OUTPUT -p udp --sport 137:139 -o eth0 -j DROP
 
 # Check source address validity on packets going out to internet
-iptables -A FORWARD -s ! $PRIVATE -i eth1 -j DROP
+iptables -A FORWARD ! -s $PRIVATE -i eth1 -j DROP
 
 # Allow local loopback
 iptables -A INPUT -s $LOOP -j ACCEPT