# allow DHCP on BLUE to be turned on/off
/sbin/iptables -N DHCPBLUEINPUT
/sbin/iptables -A INPUT -j DHCPBLUEINPUT
+
+ # WIRELESS chains
+ /sbin/iptables -N WIRELESSINPUT
+ /sbin/iptables -A INPUT -m state --state NEW -j WIRELESSINPUT
+ /sbin/iptables -N WIRELESSFORWARD
+ /sbin/iptables -A FORWARDFW -m state --state NEW -j WIRELESSFORWARD
# OPenSSL
/sbin/iptables -N OPENSSLPHYSICAL
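Review bot: The two jumps added for WIRELESSINPUT and WIRELESSFORWARD match every NEW connection on every interface, not only traffic arriving on BLUE, so scoping rests entirely on each rule inside those chains carrying its own `-i` match. The WIRELESSFORWARD rules visible in the C hunks on this page do pass `-i` with the BLUE device, but a rule added later without it would apply to all zones. A comment above the block would record that contract, for example `# WIRELESS chains: per-client MAC/IP rules are appended at runtime; only --state NEW reaches them and every rule must match -i <BLUE device>`. Where these jumps sit relative to the other chains hooked into INPUT and FORWARDFW is decided outside the lines shown, so it is worth confirming that established traffic is accepted before them.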
safe_system(command);
snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -m mac --mac-source %s -s %s -i %s ! -o %s -j ACCEPT", macaddress, ipaddress, blue_dev, green_dev);
safe_system(command);
- snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -m mac --mac-source %s -s %s -i %s -j DMZHOLES", macaddress, ipaddress, blue_dev);
- safe_system(command);
+ /*snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -m mac --mac-source %s -s %s -i %s -j DMZHOLES", macaddress, ipaddress, blue_dev);
+ safe_system(command);*/
} else {
/* correctly formed mac address is 17 chars */
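Review bot: The DMZHOLES jump is disabled by wrapping the `snprintf`/`safe_system` pair in `/* ... */` instead of deleting it, here and in the two later hunks (the MAC-only branch and the `VALID_IP_AND_MASK` branch), which leaves three dead firewall rules in the source with no reason recorded. Either remove the pairs or put a one-line comment above each, such as `/* DMZHOLES jump from WIRELESSFORWARD disabled: <reason> */`. With the jump gone, packets from a listed client that leave through the GREEN device match none of the visible rules (the ACCEPT above carries `! -o` for that device) and fall out of WIRELESSFORWARD, so their verdict now depends on a terminating rule or chain policy outside these hunks; that should be confirmed to be a drop. The enclosing function starts and ends outside the hunk.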
safe_system(command);
snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -m mac --mac-source %s -i %s ! -o %s -j ACCEPT", macaddress, blue_dev, green_dev);
safe_system(command);
- snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -m mac --mac-source %s -i %s -j DMZHOLES", macaddress, blue_dev);
- safe_system(command);
+ /*snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -m mac --mac-source %s -i %s -j DMZHOLES", macaddress, blue_dev);
+ safe_system(command);*/
}
if (VALID_IP_AND_MASK(ipaddress)) {
safe_system(command);
snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -s %s -i %s ! -o %s -j ACCEPT", ipaddress, blue_dev, green_dev);
safe_system(command);
- snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -s %s -i %s -j DMZHOLES", ipaddress, blue_dev);
- safe_system(command);
+ /*snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -s %s -i %s -j DMZHOLES", ipaddress, blue_dev);
+ safe_system(command);*/
}
}
}