Forward Firewall: edited /src/initscripts/init.d/firewall and misc-progs/wirelessctrl.c

added WIRELESSFORWARD to FORWARDFW (instead of FORWARD) so that rules work
commented out the DMZHOLES lines in wirelessctrl.c to get rid of boot error messages (there is no DMZHOLES chain anymore)
Alexander Marx
2013-01-10 12:17:30 +01:00
committed by Michael Tremer
parent 54cb7ff019
commit 8139398721
2 changed files with 12 additions and 6 deletions


@@ -221,6 +221,12 @@ case "$1" in
# allow DHCP on BLUE to be turned on/off
/sbin/iptables -N DHCPBLUEINPUT
/sbin/iptables -A INPUT -j DHCPBLUEINPUT
# WIRELESS chains
/sbin/iptables -N WIRELESSINPUT
/sbin/iptables -A INPUT -m state --state NEW -j WIRELESSINPUT
/sbin/iptables -N WIRELESSFORWARD
/sbin/iptables -A FORWARDFW -m state --state NEW -j WIRELESSFORWARD
# OPenSSL
/sbin/iptables -N OPENSSLPHYSICAL
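Review bot: The jump `-A FORWARDFW -m state --state NEW -j WIRELESSFORWARD` is appended, so the BLUE MAC/IP allowlist only sees packets that no earlier FORWARDFW rule has already accepted, and this ordering requirement is not documented. FORWARDFW is not created in this hunk, so it must already exist at this point in the script or the append fails at boot. The surrounding `case` branch continues outside the hunk, so neither condition can be confirmed from here. After verifying both, I would add a comment above the line such as `# keep ahead of any FORWARDFW rule that accepts traffic from BLUE; FORWARDFW must already exist here`.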


@@ -156,8 +156,8 @@ int main(void)
safe_system(command);
snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -m mac --mac-source %s -s %s -i %s ! -o %s -j ACCEPT", macaddress, ipaddress, blue_dev, green_dev);
safe_system(command);
snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -m mac --mac-source %s -s %s -i %s -j DMZHOLES", macaddress, ipaddress, blue_dev);
safe_system(command);
/*snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -m mac --mac-source %s -s %s -i %s -j DMZHOLES", macaddress, ipaddress, blue_dev);
safe_system(command);*/
} else {
/* correctly formed mac address is 17 chars */
@@ -166,8 +166,8 @@ int main(void)
safe_system(command);
snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -m mac --mac-source %s -i %s ! -o %s -j ACCEPT", macaddress, blue_dev, green_dev);
safe_system(command);
snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -m mac --mac-source %s -i %s -j DMZHOLES", macaddress, blue_dev);
safe_system(command);
/*snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -m mac --mac-source %s -i %s -j DMZHOLES", macaddress, blue_dev);
safe_system(command);*/
}
if (VALID_IP_AND_MASK(ipaddress)) {
@@ -175,8 +175,8 @@ int main(void)
safe_system(command);
snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -s %s -i %s ! -o %s -j ACCEPT", ipaddress, blue_dev, green_dev);
safe_system(command);
snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -s %s -i %s -j DMZHOLES", ipaddress, blue_dev);
safe_system(command);
/*snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -s %s -i %s -j DMZHOLES", ipaddress, blue_dev);
safe_system(command);*/
}
}
}
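Review bot: The three DMZHOLES rules (the MAC+IP, MAC-only and IP-only branches) are disabled by wrapping them in `/* … */` instead of being deleted, which leaves dead code naming a chain the commit message says no longer exists. I would delete the six lines and put one comment in their place, e.g. `/* DMZHOLES is gone: BLUE traffic towards green_dev matches no rule added here */`. The remaining ACCEPT rules carry `! -o green_dev`, so an allowed client's traffic into GREEN is now decided by rules outside these hunks, presumably by a later WIRELESSFORWARD rule or back in FORWARDFW. It is worth confirming that this path ends in an explicit policy rather than an accidental fall-through. main() starts outside the hunks shown.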