# Always allow accessing the web GUI from GREEN.
iptables -N GUIINPUT
iptables -A INPUT -j GUIINPUT
- iptables -A GUIINPUT -i "${GREEN_DEV}" -p tcp --dport 444 -j ACCEPT
+ if [ -n "${GREEN_DEV}" ]; then
+ iptables -A GUIINPUT -i "${GREEN_DEV}" -p tcp --dport 444 -j ACCEPT
+ fi
# WIRELESS chains
iptables -N WIRELESSINPUT
iptables -t nat -N NAT_SOURCE
iptables -t nat -A POSTROUTING -j NAT_SOURCE
+ # Captive Portal
+ iptables -t nat -N CAPTIVE_PORTAL
+ iptables -t nat -A PREROUTING -j CAPTIVE_PORTAL
+
# Custom prerouting chains (for transparent proxy)
iptables -t nat -N SQUID
iptables -t nat -A PREROUTING -j SQUID
iptables -t nat -N NAT_DESTINATION_FIX
iptables -t nat -A POSTROUTING -j NAT_DESTINATION_FIX
- iptables -t nat -A NAT_DESTINATION_FIX \
- -m mark --mark 1 -j SNAT --to-source "${GREEN_ADDRESS}"
+ if [ -n "${GREEN_ADDRESS}" ]; then
+ iptables -t nat -A NAT_DESTINATION_FIX \
+ -m mark --mark 1 -j SNAT --to-source "${GREEN_ADDRESS}"
+ fi
if [ -n "${BLUE_ADDRESS}" ]; then
iptables -t nat -A NAT_DESTINATION_FIX \
iptables -N UPNPFW
iptables -A FORWARD -m conntrack --ctstate NEW -j UPNPFW
- # Captive Portal
- iptables -t nat -N CAPTIVE_PORTAL
- iptables -t nat -A PREROUTING -j CAPTIVE_PORTAL
-
# RED chain, used for the red interface
iptables -N REDINPUT
iptables -A INPUT -j REDINPUT
iptables -t nat -N REDNAT
iptables -t nat -A POSTROUTING -j REDNAT
- # Populate IPsec block chain
- /usr/lib/firewall/ipsec-block
+ # Populate IPsec chains
+ /usr/lib/firewall/ipsec-policy
# Apply OpenVPN firewall rules
/usr/local/bin/openvpnctrl --firewall-rules
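Review bot: The relocated captive-portal hook at lines 12-14 now precedes the SQUID jump in nat PREROUTING, but nothing in the script records that this order is deliberate, so a later tidy-up could silently move it back below the transparent-proxy chain. If the intent is that portal redirection must be evaluated before the proxy redirect (the reordering suggests this, but the excerpt does not state it), the comment should say so, e.g. `# Captive Portal - hooked before SQUID so portal redirection is evaluated ahead of the transparent proxy`. The same applies to the new `-n` guards at lines 5-7 and 23-26: a one-line comment such as `# GREEN settings may be empty on this installation; skip the rule rather than fail` would explain why the rules became optional, though the underlying reason is only inferred here. The enclosing script continues beyond both ends of this excerpt.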