Change some iptables rules to match new negation syntax.

This commit is contained in:
Arne Fitzenreiter
2010-02-15 20:15:11 +01:00
parent fb617ff539
commit dd79c3999b
5 changed files with 6 additions and 6 deletions


@@ -514,7 +514,7 @@ print <<END
### ADD QOS-INC CHAIN TO THE MANGLE TABLE IN IPTABLES
iptables -t mangle -N QOS-INC
iptables -t mangle -A POSTROUTING -m mark ! --mark 0 -o ! $qossettings{'RED_DEV'} -j IMQ --todev 0
iptables -t mangle -A POSTROUTING -m mark ! --mark 0 ! -o $qossettings{'RED_DEV'} -j IMQ --todev 0
iptables -t mangle -I FORWARD -i $qossettings{'RED_DEV'} -j QOS-INC
iptables -t mangle -A FORWARD -i $qossettings{'RED_DEV'} -j QOS-TOS
@@ -687,7 +687,7 @@ print <<END
tc qdisc del dev $qossettings{'IMQ_DEV'} root >/dev/null 2>&1
# STOP IMQ-DEVICE
ip link set $qossettings{'IMQ_DEV'} down >/dev/null 2>&1
iptables -t mangle --delete POSTROUTING -m mark ! --mark 0 -o ! $qossettings{'RED_DEV'} -j IMQ --todev 0 >/dev/null 2>&1
iptables -t mangle --delete POSTROUTING -m mark ! --mark 0 ! -o $qossettings{'RED_DEV'} -j IMQ --todev 0 >/dev/null 2>&1
iptables -t mangle --delete PREROUTING -i $qossettings{'RED_DEV'} -j IMQ --todev 0 >/dev/null 2>&1
# rmmod imq # this crash on 2.6.25.xx
# REMOVE & FLUSH CHAINS


@@ -186,7 +186,7 @@ case "$1" in
/sbin/iptables -A FORWARD -i lo -m state --state NEW -j ACCEPT
/sbin/iptables -A FORWARD -s 127.0.0.0/8 -m state --state NEW -j DROP
/sbin/iptables -A FORWARD -d 127.0.0.0/8 -m state --state NEW -j DROP
/sbin/iptables -A INPUT -i $GREEN_DEV -m state --state NEW -j ACCEPT -p ! icmp
/sbin/iptables -A INPUT -i $GREEN_DEV -m state --state NEW -j ACCEPT ! -p icmp
/sbin/iptables -A FORWARD -i $GREEN_DEV -m state --state NEW -j ACCEPT
# If a host on orange tries to initiate a connection to IPFire's red IP and

src/misc-progs/Makefile Executable file → Normal file

src/misc-progs/setaliases.c Executable file → Normal file


@@ -151,7 +151,7 @@ int main(void)
(VALID_IP(ipaddress))) {
snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSINPUT -m mac --mac-source %s -s %s -i %s -j ACCEPT", macaddress, ipaddress, blue_dev);
safe_system(command);
snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -m mac --mac-source %s -s %s -i %s -o ! %s -j ACCEPT", macaddress, ipaddress, blue_dev, green_dev);
snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -m mac --mac-source %s -s %s -i %s ! -o %s -j ACCEPT", macaddress, ipaddress, blue_dev, green_dev);
safe_system(command);
snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -m mac --mac-source %s -s %s -i %s -j DMZHOLES", macaddress, ipaddress, blue_dev);
safe_system(command);
@@ -161,7 +161,7 @@ int main(void)
if (strlen(macaddress) == 17) {
snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSINPUT -m mac --mac-source %s -i %s -j ACCEPT", macaddress, blue_dev);
safe_system(command);
snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -m mac --mac-source %s -i %s -o ! %s -j ACCEPT", macaddress, blue_dev, green_dev);
snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -m mac --mac-source %s -i %s ! -o %s -j ACCEPT", macaddress, blue_dev, green_dev);
safe_system(command);
snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -m mac --mac-source %s -i %s -j DMZHOLES", macaddress, blue_dev);
safe_system(command);
@@ -170,7 +170,7 @@ int main(void)
if (VALID_IP(ipaddress)) {
snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSINPUT -s %s -i %s -j ACCEPT", ipaddress, blue_dev);
safe_system(command);
snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -s %s -i %s -o ! %s -j ACCEPT", ipaddress, blue_dev, green_dev);
snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -s %s -i %s ! -o %s -j ACCEPT", ipaddress, blue_dev, green_dev);
safe_system(command);
snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -s %s -i %s -j DMZHOLES", ipaddress, blue_dev);
safe_system(command);
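Review bot: The snprintf return value is never checked on the rewritten lines of this hunk or of the two hunks above it, so a rule longer than STRING_SIZE-1 bytes is silently truncated and the truncated text still reaches safe_system on the following line; if the cut falls after `-i %s` the remaining `! -o %s -j ACCEPT` is lost and iptables appends a targetless counting rule, so the wireless host is left without the intended rule and nothing is logged. Whether that length is reachable depends on STRING_SIZE and on the maximum length of blue_dev/green_dev, neither of which is visible here. A small variadic helper that formats, refuses a truncated command and only then calls safe_system keeps the nine call sites short and fails closed; it needs `<stdarg.h>` and `<stdlib.h>` at the top of the file. main() begins and ends outside these hunks.
```c
/* Format one iptables invocation and run it; a command that does not fit
 * in STRING_SIZE-1 bytes is refused instead of being executed truncated. */
static void run_rule(const char *fmt, ...)
{
    char command[STRING_SIZE];
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(command, STRING_SIZE-1, fmt, ap);
    va_end(ap);
    if (n < 0 || n >= STRING_SIZE-1) {
        fprintf(stderr, "iptables command too long, not executed\n");
        exit(1);
    }
    safe_system(command);
}

/* … unchanged: main() up to the VALID_IP(ipaddress) branch … */
run_rule("/sbin/iptables -A WIRELESSFORWARD -s %s -i %s ! -o %s -j ACCEPT", ipaddress, blue_dev, green_dev);
/* … unchanged: remaining rules, each replaced by the same run_rule call … */
```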