added group isolation for vpns

script.sh.template

@@ -7,15 +7,23 @@ if [ $(cat /etc/iproute2/rt_tables | grep {{route_table_name}} | wc -l) -eq 0 ];
     echo "{{route_table_id}}  {{route_table_name}}" >> /etc/iproute2/rt_tables
 fi
 
+# create group if it does not exist
+if [ $(getent group|grep {{route_table_name}} | wc -l) -eq 0 ]; then
+    groupadd {{route_table_name}}
+fi
+
+iptables -t mangle -I OUTPUT -m owner --gid-owner {{route_table_name}} -j MARK --set-mark {{route_table_id}}
+iptables -t nat -I POSTROUTING -m owner --gid-owner {{route_table_name}} -o ${dev} -j MASQUERADE
 # populate route table
 ip route flush table {{route_table_name}}
 ip route add ${route_vpn_gateway} dev ${dev} src ${ifconfig_local} table {{route_table_name}}
 ip route add default via ${route_vpn_gateway} table {{route_table_name}}
-
+ip route add 192.168.122.0/24 via 192.168.122.1 dev enp1s0 table {{route_table_name}}
 # add vpn_gateway to main route table
 ip route add ${route_vpn_gateway} dev ${dev} src ${ifconfig_local}
 
-
+ip rule add fwmark {{route_table_id}} table {{route_table_name}} pref {{rule_pref}} 
 #ip rule add from ${ifconfig_local} table {{route_table_name}} pref {{rule_pref}}
+iptables -I OUTPUT -m mark --mark {{route_table_id}} -j ACCEPT
 
 exit 0