1
0
mirror of git://projects.qi-hardware.com/openwrt-xburst.git synced 2024-12-26 02:38:59 +02:00

cleanup login script, change firewall example

git-svn-id: svn://svn.openwrt.org/openwrt/trunk/openwrt@881 3c298f89-4303-0410-b956-a3cf2f4a3e73
This commit is contained in:
mbm 2005-05-13 13:49:48 +00:00
parent 9867fb3338
commit dd755e947f
2 changed files with 25 additions and 26 deletions

View File

@ -1,21 +1,20 @@
#!/bin/sh #!/bin/sh
[ "$FAILSAFE" = "true" ] && exec /bin/ash --login . /etc/sysconf 2>&-
[ -f /etc/sysconf ] && . /etc/sysconf
if [ "$BR2_SYSCONF_TELNET_FAILSAFE_ONLY" = "y" ]; then
if grep '^root:!' /etc/passwd > /dev/null 2>/dev/null; then
echo "You need to set a login password to protect your"
echo "Router from unauthorized access."
echo
echo "Use 'passwd' to set your password."
echo "telnet login will be disabled afterwards,"
echo "You can then login using SSH."
echo
else
echo "Login failed."
exit 0
fi
fi
[ "$FAILSAFE" != "true" ] &&
[ "$BR2_SYSCONF_TELNET_FAILSAFE_ONLY" = "y" ] &&
{
grep '^root:[^!]' /etc/passwd >&- 2>&- &&
{
echo "Login failed."
exit 0
} || {
cat << EOF
=== IMPORTANT ============================
Use 'passwd' to set your login password
this will disable telnet and enable SSH
------------------------------------------
EOF
}
}
exec /bin/ash --login exec /bin/ash --login

View File

@ -1,7 +1,7 @@
#!/bin/sh #!/bin/sh
. /etc/functions.sh . /etc/functions.sh
export WAN=$(nvram get wan_ifname) WAN=$(nvram get wan_ifname)
export LAN=$(nvram get lan_ifname) LAN=$(nvram get lan_ifname)
## CLEAR TABLES ## CLEAR TABLES
for T in filter nat mangle; do for T in filter nat mangle; do
@ -17,8 +17,8 @@ iptables -t nat -N prerouting_rule
iptables -t nat -N postrouting_rule iptables -t nat -N postrouting_rule
### Port forwarding ### Port forwarding
# iptables -t nat -A prerouting_rule -p tcp --dport 22 -j DNAT --to 192.168.1.2 # iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 22 -j DNAT --to 192.168.1.2
# iptables -A forwarding_rule -p tcp --dport 22 -d 192.168.1.2 -j ACCEPT # iptables -A forwarding_rule -i $WAN -p tcp --dport 22 -d 192.168.1.2 -j ACCEPT
### INPUT ### INPUT
### (connections with the router as destination) ### (connections with the router as destination)
@ -27,12 +27,12 @@ iptables -t nat -N postrouting_rule
iptables -P INPUT DROP iptables -P INPUT DROP
iptables -A INPUT -m state --state INVALID -j DROP iptables -A INPUT -m state --state INVALID -j DROP
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --syn --tcp-option \! 2 -j DROP
# allow # allow
iptables -A INPUT -i \! $WAN -j ACCEPT # allow from lan/wifi interfaces iptables -A INPUT -i \! $WAN -j ACCEPT # allow from lan/wifi interfaces
iptables -A INPUT -p icmp -j ACCEPT # allow ICMP iptables -A INPUT -p icmp -j ACCEPT # allow ICMP
iptables -A INPUT -p 47 -j ACCEPT # allow GRE iptables -A INPUT -p gre -j ACCEPT # allow GRE
iptables -A INPUT -p tcp --syn --tcp-option \! 2 -j DROP
# #
# insert accept rule or to jump to new accept-check table here # insert accept rule or to jump to new accept-check table here
# #