Forward Firewall: edited /src/initscripts/init.d/firewall and misc-progs/wirelessctrl.c
authorAlexander Marx <amarx@ipfire.org>
Thu, 10 Jan 2013 11:17:30 +0000 (12:17 +0100)
committerMichael Tremer <michael.tremer@ipfire.org>
Fri, 9 Aug 2013 12:08:09 +0000 (14:08 +0200)
Added the WIRELESSFORWARD jump to FORWARDFW (instead of FORWARD) so that the rules work.
Commented out the DMZHOLES lines in wirelessctrl.c to get rid of boot error messages (there is no DMZHOLES anymore).

src/initscripts/init.d/firewall
src/misc-progs/wirelessctrl.c

index 0af3d4b2af5340d99f12402470e0d1aaacff9fb6..66dba642486aa571077f671d7f1dc68fe193b54d 100644 (file)
@@ -221,6 +221,12 @@ case "$1" in
        # allow DHCP on BLUE to be turned on/off
        /sbin/iptables -N DHCPBLUEINPUT 
        /sbin/iptables -A INPUT -j DHCPBLUEINPUT
+       
+       # WIRELESS chains
+       /sbin/iptables -N WIRELESSINPUT
+       /sbin/iptables -A INPUT -m state --state NEW -j WIRELESSINPUT
+       /sbin/iptables -N WIRELESSFORWARD
+       /sbin/iptables -A FORWARDFW -m state --state NEW -j WIRELESSFORWARD
 
        # OPenSSL
        /sbin/iptables -N OPENSSLPHYSICAL
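Review bot: The jump into WIRELESSFORWARD is appended with `-A FORWARDFW`, so whether the per-client MAC/IP filter for BLUE is consulted before any broader accept rule depends on where this line runs relative to the other FORWARDFW rules, and that order is not visible in the hunk. It also presumes that FORWARDFW has already been created with `-N` earlier in the script. I would record the ordering requirement in the comment, for example `# WIRELESS chains: per-client MAC/IP rules for BLUE, filled by wirelessctrl; must be hooked in before the user rules in FORWARDFW`. The added blank line above the comment carries trailing whitespace. The enclosing `case` branch starts and ends outside the hunk.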
index 12b954baa3f8509ae088fa7990694fd2f2f6dc63..be6f967c48b5ea3158d806e0efdee07d250f888d 100644 (file)
@@ -156,8 +156,8 @@ int main(void)
                                                                        safe_system(command);
                                                                        snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -m mac --mac-source %s -s %s -i %s ! -o %s -j ACCEPT", macaddress, ipaddress, blue_dev, green_dev);
                                                                        safe_system(command);
-                                                                       snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -m mac --mac-source %s -s %s -i %s -j DMZHOLES", macaddress, ipaddress, blue_dev);
-                                                                       safe_system(command);
+                                                                       /*snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -m mac --mac-source %s -s %s -i %s -j DMZHOLES", macaddress, ipaddress, blue_dev);
+                                                                       safe_system(command);*/
                                                        } else {
 
                                                                        /* correctly formed mac address is 17 chars */
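Review bot: The DMZHOLES rule is left behind as commented-out code here and again in the hunks at -166 and -175; deleting the two lines in each place would be cleaner, since the history keeps them. With the jump gone, the only rule left for a registered BLUE client in this branch accepts traffic with `! -o green_dev`, so packets towards GREEN now depend on whatever follows in WIRELESSFORWARD and FORWARDFW, which these hunks do not show. If the forward firewall is meant to take over those pinholes, a one-line comment in place of the dead code would say so, for example `/* BLUE->GREEN exceptions are handled by FORWARDFW; DMZHOLES no longer exists */`. main() starts and ends outside the hunk.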
@@ -166,8 +166,8 @@ int main(void)
                                                                                                        safe_system(command);
                                                                                                        snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -m mac --mac-source %s -i %s ! -o %s -j ACCEPT", macaddress, blue_dev, green_dev);
                                                                                                        safe_system(command);
-                                                                                                       snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -m mac --mac-source %s -i %s -j DMZHOLES", macaddress, blue_dev);
-                                                                                                       safe_system(command);
+                                                                                                       /*snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -m mac --mac-source %s -i %s -j DMZHOLES", macaddress, blue_dev);
+                                                                                                       safe_system(command);*/
                                                                        }
 
                                                                        if (VALID_IP_AND_MASK(ipaddress)) {
@@ -175,8 +175,8 @@ int main(void)
                                                                                                        safe_system(command);
                                                                                                        snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -s %s -i %s ! -o %s -j ACCEPT", ipaddress, blue_dev, green_dev);
                                                                                                        safe_system(command);
-                                                                                                       snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -s %s -i %s -j DMZHOLES", ipaddress, blue_dev);
-                                                                                                       safe_system(command);
+                                                                                                       /*snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -s %s -i %s -j DMZHOLES", ipaddress, blue_dev);
+                                                                                                       safe_system(command);*/
                                                                        }
                                                        }
                                                        }