# I, Ian Kelling, follow the GNU license recommendations at
# https://www.gnu.org/licenses/license-recommendations.en.html. They
# recommend that small programs, < 300 lines, be licensed under the
# Apache License 2.0. This file contains or is part of one or more small
# programs. If a small program grows beyond 300 lines, I plan to switch
#
# Copyright 2024 Ian Kelling
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

if ! test "$BASH_VERSION"; then echo "error: shell is not bash" >&2; exit 1; fi
shopt -s inherit_errexit 2>/dev/null ||: # ignore fail in bash < 4.4
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" exit status: $?, PIPESTATUS: ${PIPESTATUS[*]}" >&2' ERR

# This prevents exim from connecting out to an ip not through the vpn.
# Before this, I had set exim to be BindsTo=wg-quick@wgmail, which
# generally made sure it wouldn't run unless the vpn ran, and plus I set
# a specific interface in the main remote smtp transport.
# However, that wasn't bulletproof, exim spec says about "interface: The
# first interface of the correct type (IPv4 or IPv6) is used for the
# outgoing connection. If none of them are the correct type, the option
# is ignored." And then I found out that the BindsTo results in exim
# never starting if the vpn fails to start the first time, then starts
# on the systemd automatic restart. Ugh. So, better to use Wants instead

# IPv4: -C checks whether the rule already exists, so -I only inserts it once.
if ! /usr/sbin/iptables -C OUTPUT -p tcp -m tcp --dport 25 -o veth1-mail -j REJECT &>/dev/null; then
  /usr/sbin/iptables -I OUTPUT -p tcp -m tcp --dport 25 -o veth1-mail -j REJECT
fi

# IPv6: same rule, same existence check.
if ! /usr/sbin/ip6tables -C OUTPUT -p tcp -m tcp --dport 25 -o veth1-mail -j REJECT &>/dev/null; then
  /usr/sbin/ip6tables -I OUTPUT -p tcp -m tcp --dport 25 -o veth1-mail -j REJECT
fi