1
0
mirror of git://projects.qi-hardware.com/openwrt-xburst.git synced 2024-11-29 19:01:52 +02:00

cleanup login script, change firewall example

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@881 3c298f89-4303-0410-b956-a3cf2f4a3e73
This commit is contained in:
mbm 2005-05-13 13:49:48 +00:00
parent f9b510327c
commit 9313b90453
2 changed files with 25 additions and 26 deletions

View File

@ -1,21 +1,20 @@
#!/bin/sh
[ "$FAILSAFE" = "true" ] && exec /bin/ash --login
[ -f /etc/sysconf ] && . /etc/sysconf
if [ "$BR2_SYSCONF_TELNET_FAILSAFE_ONLY" = "y" ]; then
if grep '^root:!' /etc/passwd > /dev/null 2>/dev/null; then
echo "You need to set a login password to protect your"
echo "Router from unauthorized access."
echo
echo "Use 'passwd' to set your password."
echo "telnet login will be disabled afterwards,"
echo "You can then login using SSH."
echo
else
echo "Login failed."
exit 0
fi
fi
. /etc/sysconf 2>&-
[ "$FAILSAFE" != "true" ] &&
[ "$BR2_SYSCONF_TELNET_FAILSAFE_ONLY" = "y" ] &&
{
grep '^root:[^!]' /etc/passwd >&- 2>&- &&
{
echo "Login failed."
exit 0
} || {
cat << EOF
=== IMPORTANT ============================
Use 'passwd' to set your login password
this will disable telnet and enable SSH
------------------------------------------
EOF
}
}
exec /bin/ash --login

View File

@ -1,7 +1,7 @@
#!/bin/sh
. /etc/functions.sh
export WAN=$(nvram get wan_ifname)
export LAN=$(nvram get lan_ifname)
WAN=$(nvram get wan_ifname)
LAN=$(nvram get lan_ifname)
## CLEAR TABLES
for T in filter nat mangle; do
@ -17,8 +17,8 @@ iptables -t nat -N prerouting_rule
iptables -t nat -N postrouting_rule
### Port forwarding
# iptables -t nat -A prerouting_rule -p tcp --dport 22 -j DNAT --to 192.168.1.2
# iptables -A forwarding_rule -p tcp --dport 22 -d 192.168.1.2 -j ACCEPT
# iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 22 -j DNAT --to 192.168.1.2
# iptables -A forwarding_rule -i $WAN -p tcp --dport 22 -d 192.168.1.2 -j ACCEPT
### INPUT
### (connections with the router as destination)
@ -27,12 +27,12 @@ iptables -t nat -N postrouting_rule
iptables -P INPUT DROP
iptables -A INPUT -m state --state INVALID -j DROP
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --syn --tcp-option \! 2 -j DROP
# allow
iptables -A INPUT -i \! $WAN -j ACCEPT # allow from lan/wifi interfaces
iptables -A INPUT -p icmp -j ACCEPT # allow ICMP
iptables -A INPUT -p 47 -j ACCEPT # allow GRE
iptables -A INPUT -p tcp --syn --tcp-option \! 2 -j DROP
iptables -A INPUT -i \! $WAN -j ACCEPT # allow from lan/wifi interfaces
iptables -A INPUT -p icmp -j ACCEPT # allow ICMP
iptables -A INPUT -p gre -j ACCEPT # allow GRE
#
# insert accept rule or to jump to new accept-check table here
#