firewall: Allow blocking access to GREEN from GREEN.

2026-04-24 18:03:06 +02:00 · 2014-05-20 11:41:23 +02:00
parent 8e59a6022b
commit c0e0848f99
2 changed files with 7 additions and 1 deletions
--- a/src/initscripts/init.d/firewall
+++ b/src/initscripts/init.d/firewall
@@ -179,7 +179,10 @@ iptables_init() {
 	iptables -t nat -A POSTROUTING -j IPSECNAT

 	# localhost and ethernet.
-	iptables -A INPUT   -i $GREEN_DEV  -m conntrack --ctstate NEW -j ACCEPT ! -p icmp
+	# Always allow accessing the web GUI from GREEN.
+	iptables -N GUIINPUT
+	iptables -A INPUT -j GUIINPUT
+	iptables -A GUIINPUT -i "${GREEN_DEV}" -p tcp --dport 444 -j ACCEPT

 	# WIRELESS chains
 	iptables -N WIRELESSINPUT