summaryrefslogtreecommitdiff
path: root/openwrt/target/default/target_skeleton/etc
diff options
context:
space:
mode:
authormbm <mbm@3c298f89-4303-0410-b956-a3cf2f4a3e73>2005-05-13 13:49:48 +0000
committermbm <mbm@3c298f89-4303-0410-b956-a3cf2f4a3e73>2005-05-13 13:49:48 +0000
commit9313b904536d595361703f559e34d16bc6412611 (patch)
treefbad2e14e6a387144ccce3307653c9c8f7ce0f43 /openwrt/target/default/target_skeleton/etc
parentf9b510327c4185d3a17a85858c6cc68d4b6f8303 (diff)
cleanup login script, change firewall example
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@881 3c298f89-4303-0410-b956-a3cf2f4a3e73
Diffstat (limited to 'openwrt/target/default/target_skeleton/etc')
-rwxr-xr-xopenwrt/target/default/target_skeleton/etc/init.d/S45firewall16
1 files changed, 8 insertions, 8 deletions
diff --git a/openwrt/target/default/target_skeleton/etc/init.d/S45firewall b/openwrt/target/default/target_skeleton/etc/init.d/S45firewall
index 7b55643123..a506637255 100755
--- a/openwrt/target/default/target_skeleton/etc/init.d/S45firewall
+++ b/openwrt/target/default/target_skeleton/etc/init.d/S45firewall
@@ -1,7 +1,7 @@
#!/bin/sh
. /etc/functions.sh
-export WAN=$(nvram get wan_ifname)
-export LAN=$(nvram get lan_ifname)
+WAN=$(nvram get wan_ifname)
+LAN=$(nvram get lan_ifname)
## CLEAR TABLES
for T in filter nat mangle; do
@@ -17,8 +17,8 @@ iptables -t nat -N prerouting_rule
iptables -t nat -N postrouting_rule
### Port forwarding
-# iptables -t nat -A prerouting_rule -p tcp --dport 22 -j DNAT --to 192.168.1.2
-# iptables -A forwarding_rule -p tcp --dport 22 -d 192.168.1.2 -j ACCEPT
+# iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 22 -j DNAT --to 192.168.1.2
+# iptables -A forwarding_rule -i $WAN -p tcp --dport 22 -d 192.168.1.2 -j ACCEPT
### INPUT
### (connections with the router as destination)
@@ -27,12 +27,12 @@ iptables -t nat -N postrouting_rule
iptables -P INPUT DROP
iptables -A INPUT -m state --state INVALID -j DROP
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+ iptables -A INPUT -p tcp --syn --tcp-option \! 2 -j DROP
# allow
- iptables -A INPUT -i \! $WAN -j ACCEPT # allow from lan/wifi interfaces
- iptables -A INPUT -p icmp -j ACCEPT # allow ICMP
- iptables -A INPUT -p 47 -j ACCEPT # allow GRE
- iptables -A INPUT -p tcp --syn --tcp-option \! 2 -j DROP
+ iptables -A INPUT -i \! $WAN -j ACCEPT # allow from lan/wifi interfaces
+ iptables -A INPUT -p icmp -j ACCEPT # allow ICMP
+ iptables -A INPUT -p gre -j ACCEPT # allow GRE
#
# insert accept rule or to jump to new accept-check table here
#