3 if ! test "$BASH_VERSION"; then echo "error: shell is not bash" >&2; exit 1; fi
4 shopt -s inherit_errexit
2>/dev
/null ||
: # ignore fail in bash < 4.4
6 trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" exit status: $?, PIPESTATUS: ${PIPESTATUS[*]}" >&2' ERR
8 # This prevents exim from connecting out to an ip not through the vpn.
9 # Before this, I had set exim to be BindsTo=wg-quick@wgmail, which
10 # generally made sure it wouldn't run unless the vpn ran, and plus I set
11 # a specific interface in the main remote smtp transport. However,
12 # However, that wasn't bulletproof, exim spec says about "interface: The
13 # first interface of the correct type (IPv4 or IPv6) is used for the
14 # outgoing connection. If none of them are the correct type, the option
15 # is ignored." And then I found out that the BindsTo results in exim
16 # never starting if the vpn fails to start the first time, then starts
17 # on the systemd automatic restart. Ugh. So, better to use Wants instead
20 if !/usr
/sbin
/iptables
-C OUTPUT
-p tcp
-m tcp
--dport 25 -o veth1-mail
-j REJECT
&>/dev
/null
; then
21 /usr
/sbin
/iptables
-I OUTPUT
-p tcp
-m tcp
--dport 25 -o veth1-mail
-j REJECT
25 if !/usr
/sbin
/ip6tables
-C OUTPUT
-p tcp
-m tcp
--dport 25 -o veth1-mail
-j REJECT
&>/dev
/null
; then
26 /usr
/sbin
/ip6tables
-I OUTPUT
-p tcp
-m tcp
--dport 25 -o veth1-mail
-j REJECT