mirror of
git://projects.qi-hardware.com/openwrt-xburst.git
synced 2024-11-30 21:15:19 +02:00
sync firewall script with whiterussian changes
git-svn-id: svn://svn.openwrt.org/openwrt/branches/buildroot-ng/openwrt@4858 3c298f89-4303-0410-b956-a3cf2f4a3e73
This commit is contained in:
parent
582b0b691c
commit
b664928394
@ -23,6 +23,10 @@ iptables -N forwarding_rule
|
|||||||
iptables -t nat -N prerouting_rule
|
iptables -t nat -N prerouting_rule
|
||||||
iptables -t nat -N postrouting_rule
|
iptables -t nat -N postrouting_rule
|
||||||
|
|
||||||
|
iptables -N LAN_ACCEPT
|
||||||
|
[ -z "$WAN" ] || iptables -A LAN_ACCEPT -i "$WAN" -j RETURN
|
||||||
|
iptables -A LAN_ACCEPT -j ACCEPT
|
||||||
|
|
||||||
### INPUT
|
### INPUT
|
||||||
### (connections with the router as destination)
|
### (connections with the router as destination)
|
||||||
|
|
||||||
@ -38,7 +42,7 @@ iptables -t nat -N postrouting_rule
|
|||||||
iptables -A INPUT -j input_rule
|
iptables -A INPUT -j input_rule
|
||||||
|
|
||||||
# allow
|
# allow
|
||||||
iptables -A INPUT ${WAN:+-i \! $WAN} -j ACCEPT # allow from lan/wifi interfaces
|
iptables -A INPUT -j LAN_ACCEPT # allow from lan/wifi interfaces
|
||||||
iptables -A INPUT -p icmp -j ACCEPT # allow ICMP
|
iptables -A INPUT -p icmp -j ACCEPT # allow ICMP
|
||||||
iptables -A INPUT -p gre -j ACCEPT # allow GRE
|
iptables -A INPUT -p gre -j ACCEPT # allow GRE
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user