# stick to only those that you really need.
@def $PORT_OPENVPN = (1194 1234 1337 2342 5060);
+# See https://blog.ipredator.se/howto/restricting-transmission-to-the-vpn-interface-on-ubuntu-linux.html
+# Ports Transmission is allowed to use.
+@def $PORT_TRANSMISSION = 16384:65535;
+
# Public DNS servers and those that are only reachable via VPN.
# DNS servers are specified in the outbound DNS rules to prevent DNS leaks
# (https://www.dnsleaktest.com/). The public DNS servers configured on your
@if $VPN_ACTIVE {
domain ip {
table filter {
+ chain INPUT {
+ interface $DEV_VPN {
+ proto (tcp udp) dport $PORT_TRANSMISSION ACCEPT;
+ }
+ }
chain OUTPUT {
# Default allowed outbound services on the VPN interface.
# If you need more simply add your rules here.
proto tcp dport $PORT_FTP ACCEPT;
proto udp dport $PORT_NTP ACCEPT;
proto tcp dport $PORT_SSH ACCEPT;
+ proto (tcp udp) sport $PORT_TRANSMISSION ACCEPT;
proto tcp dport $PORT_WEB ACCEPT;
}
}
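Review bot: The two new Transmission rules match on `16384:65535`, which is essentially the whole ephemeral port range, so the OUTPUT rule at `proto (tcp udp) sport $PORT_TRANSMISSION ACCEPT;` lets any local process that binds a high source port send arbitrary TCP/UDP out, and the INPUT rule opens every high port on `$DEV_VPN` to inbound connections — not just Transmission's listener. That largely defeats the outbound allow-list this chain is meant to enforce (including the DNS-leak protection described above), since a source-port match is trivially satisfied by the caller. Pin Transmission to one fixed peer port and set `$PORT_TRANSMISSION` to that value, restrict the OUTPUT rule to the VPN interface and to the Transmission user, e.g. `outerface $DEV_VPN proto (tcp udp) sport $PORT_TRANSMISSION mod owner uid-owner <transmission-user> ACCEPT;` (the account name is not visible here — use whatever the daemon runs as), and consider a matching comment on the INPUT rule noting that ports must be forwarded by the VPN provider for it to be reachable at all. Note the INPUT rule is also unconditionally ACCEPT for both protocols; if only one is configured in Transmission, drop the other.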