Gentoo's Bugzilla – Attachment 149305 Details for Bug 217141: net-wireless/coova-chilli-1.0.11 (new ebuild)
files/firewall.iptables
firewall.iptables (text/plain), 1.96 KB, created by Laurento Frittella (mrfree) on 2008-04-10 14:26:05 UTC
>#!/bin/sh
>#
># Firewall script for ChilliSpot
># A Wireless LAN Access Point Controller
>#
># Uses $EXTIF (eth0) as the external interface (Internet or intranet) and
># $INTIF (eth1) as the internal interface (access points).
>#
>#
># SUMMARY
># * All connections originating from chilli are allowed.
># * Only ssh is allowed in on external interface.
># * Nothing is allowed in on internal interface.
># * Forwarding is allowed to and from the external interface, but disallowed
>#   to and from the internal interface.
># * NAT is enabled on the external interface.
>
>IPTABLES="/sbin/iptables"
>EXTIF="eth0"
>INTIF="eth1"
>
>#Flush all rules
>$IPTABLES -F
>$IPTABLES -F -t nat
>$IPTABLES -F -t mangle
>
>#Set default behaviour
>$IPTABLES -P INPUT DROP
>$IPTABLES -P FORWARD ACCEPT
>$IPTABLES -P OUTPUT ACCEPT
>
>#Allow related and established on all interfaces (input)
>$IPTABLES -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
>
>#Allow related, established and ssh on $EXTIF. Reject everything else.
>$IPTABLES -A INPUT -i $EXTIF -p tcp -m tcp --dport 22 --syn -j ACCEPT
>$IPTABLES -A INPUT -i $EXTIF -j REJECT
>
>#Allow related and established from $INTIF. Drop everything else.
>$IPTABLES -A INPUT -i $INTIF -j DROP
>
>#Allow http and https on other interfaces (input).
>#This is only needed if authentication server is on same server as chilli
>$IPTABLES -A INPUT -p tcp -m tcp --dport 80 --syn -j ACCEPT
>$IPTABLES -A INPUT -p tcp -m tcp --dport 443 --syn -j ACCEPT
>
>#Allow 3990 on other interfaces (input).
>$IPTABLES -A INPUT -p tcp -m tcp --dport 3990 --syn -j ACCEPT
>
>#Allow ICMP echo on other interfaces (input).
>$IPTABLES -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
>
>#Allow everything on loopback interface.
>$IPTABLES -A INPUT -i lo -j ACCEPT
>
># Drop everything to and from $INTIF (forward)
># This means that access points can only be managed from ChilliSpot
>$IPTABLES -A FORWARD -i $INTIF -j DROP
>$IPTABLES -A FORWARD -o $INTIF -j DROP
>
>#Enable NAT on output device
>$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
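The INPUT chain above relies on first-match ordering: the blanket REJECT for eth0 and DROP for eth1 sit ahead of the port 80, 443 and 3990 rules, so those ports are only reachable on other interfaces. The following added example (not part of the attachment) models the chain in Python to audit which ports each interface exposes; the interface name `tun0` for chilli's tunnel and the single `kind` field per packet are assumptions of the model.

```python
# Constructed model of the script's INPUT chain, in rule order.
# Fields: (in_iface, proto, dport, kind, target); None means "any".
# "kind" is a simplification: one of "established" (RELATED,ESTABLISHED),
# "syn" (new TCP connection), "echo-request", or "other".
INPUT_POLICY = "DROP"
INPUT_RULES = [
    (None,   None,   None, "established",  "ACCEPT"),
    ("eth0", "tcp",  22,   "syn",          "ACCEPT"),
    ("eth0", None,   None, None,           "REJECT"),
    ("eth1", None,   None, None,           "DROP"),
    (None,   "tcp",  80,   "syn",          "ACCEPT"),
    (None,   "tcp",  443,  "syn",          "ACCEPT"),
    (None,   "tcp",  3990, "syn",          "ACCEPT"),
    (None,   "icmp", None, "echo-request", "ACCEPT"),
    ("lo",   None,   None, None,           "ACCEPT"),
]


def verdict(iface, proto, dport=None, kind="syn"):
    """Return (target, rule_number) of the first matching rule; 0 = chain policy."""
    packet = (iface, proto, dport, kind)
    for number, rule in enumerate(INPUT_RULES, start=1):
        *fields, target = rule
        if all(want is None or want == got for want, got in zip(fields, packet)):
            return target, number
    return INPUT_POLICY, 0


def exposed_tcp_ports(iface, candidates=(22, 80, 443, 3990)):
    """List the candidate ports on which a new TCP connection is accepted."""
    return [p for p in candidates if verdict(iface, "tcp", p)[0] == "ACCEPT"]


if __name__ == "__main__":
    for iface in ("eth0", "eth1", "tun0", "lo"):  # tun0: assumed chilli tunnel name
        print(f"{iface:5} new TCP accepted on: {exposed_tcp_ports(iface)}")
    # Ordering effects worth noticing:
    print(verdict("eth0", "tcp", 80))                    # caught by the eth0 REJECT
    print(verdict("eth1", "icmp", kind="echo-request"))  # caught by the eth1 DROP
    print(verdict("tun0", "udp", 53, kind="other"))      # falls through to policy
```

Reordering `INPUT_RULES` (for example moving the port 80 rule above the eth0 REJECT) and rerunning shows how the exposure per interface changes before the real rules are touched.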