lots: shellcheck, streaming stuff, fixes
[distro-setup]
/
trusted-network
diff --git
a/trusted-network
b/trusted-network
index c0ed8a5094fcdadd153b291e4461dbf7251b37d2..755fb1f5239dd999f2388471ee6fe09e352eb25b 100755
(executable)
--- a/
trusted-network
+++ b/
trusted-network
@@
-8,8
+8,6
@@
source /a/bin/bash-bear-trap/bash-bear
source /a/bin/bash-bear-trap/bash-bear
-readonly this_file=$(readlink -f -- "${BASH_SOURCE[0]}")
-readonly this_dir="${this_file%/*}"
script_name="${BASH_SOURCE[0]}"
script_name="${script_name##*/}"
script_name="${BASH_SOURCE[0]}"
script_name="${script_name##*/}"
@@
-57,13
+55,17
@@
if $trust; then
fi
fi
fi
fi
- rm -fv /etc/systemd/resolved.conf.d/untrusted-network.conf
+ # https://github.com/jonathanio/update-systemd-resolved
+ # suggests this will help prevent leakage into a vpn interface
+ cat >/etc/systemd/resolved.conf.d/untrusted-network.conf <<EOF
+Domains=~.
+EOF
else #untrusted
# https://wiki.archlinux.org/index.php/Systemd-resolved#Manually
cat >/etc/systemd/resolved.conf.d/untrusted-network.conf <<EOF
[Resolve]
DNS=${servers[@]}
else #untrusted
# https://wiki.archlinux.org/index.php/Systemd-resolved#Manually
cat >/etc/systemd/resolved.conf.d/untrusted-network.conf <<EOF
[Resolve]
DNS=${servers[@]}
-Domains=b8.nz
+Domains=
~.
b8.nz
DNSOverTLS=yes
EOF
DNSOverTLS=yes
EOF
@@
-88,7
+90,7
@@
fi
# wait for networkmanager to come back
# wait for networkmanager to come back
-for
f in {1..20}
; do
+for
((i=0; i<10; i++))
; do
if read -r _ _ _ _ gateway_if _ < <(ip route get 8.8.8.8); then
break
fi
if read -r _ _ _ _ gateway_if _ < <(ip route get 8.8.8.8); then
break
fi
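Review bot: The heredoc added in the trusted branch (second hunk) writes only `Domains=~.` to /etc/systemd/resolved.conf.d/untrusted-network.conf, with no `[Resolve]` section header, whereas the untrusted branch right below it starts its heredoc with `[Resolve]`. systemd's configuration parser ignores assignments that appear outside a section, so on a trusted network the setting that the new comment relies on to prevent leakage into a VPN interface would most likely be dropped. Put `[Resolve]` on the line before `Domains=~.` in that heredoc, and confirm the result after systemd-resolved restarts with `resolvectl domain`. A short comment explaining why a file named untrusted-network.conf is now also written on trusted networks would help the next reader.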