From 8139398721023908ae3145d18839d2712ce522c8 Mon Sep 17 00:00:00 2001
From: Alexander Marx
Date: Thu, 10 Jan 2013 12:17:30 +0100
Subject: [PATCH] Forward Firewall: edited /src/initscripts/init.d/firewall and misc-progs/wirelessctrl.c added WIRELESSFORWARD to FORWARDFW (instead of FORWARD) so that rules work commented out DMZHOLES lines in wirelessctrl.c to get rid of booterrormessages (There's no DMZHOLES anymore)
---
 src/initscripts/init.d/firewall | 6 ++++++
 src/misc-progs/wirelessctrl.c | 12 ++++++------
 2 files changed, 12 insertions(+), 6 deletions(-)
diff --git a/src/initscripts/init.d/firewall b/src/initscripts/init.d/firewall
index 0af3d4b2a..66dba6424 100644
--- a/src/initscripts/init.d/firewall
+++ b/src/initscripts/init.d/firewall
@@ -221,6 +221,12 @@ case "$1" in
 # allow DHCP on BLUE to be turned on/off
 /sbin/iptables -N DHCPBLUEINPUT
 /sbin/iptables -A INPUT -j DHCPBLUEINPUT
+
+ # WIRELESS chains
+ /sbin/iptables -N WIRELESSINPUT
+ /sbin/iptables -A INPUT -m state --state NEW -j WIRELESSINPUT
+ /sbin/iptables -N WIRELESSFORWARD
+ /sbin/iptables -A FORWARDFW -m state --state NEW -j WIRELESSFORWARD
 # OPenSSL
 /sbin/iptables -N OPENSSLPHYSICAL
diff --git a/src/misc-progs/wirelessctrl.c b/src/misc-progs/wirelessctrl.c
index 12b954baa..be6f967c4 100644
--- a/src/misc-progs/wirelessctrl.c
+++ b/src/misc-progs/wirelessctrl.c
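Review bot: The added jump `-A FORWARDFW -m state --state NEW -j WIRELESSFORWARD` only takes effect if the FORWARDFW chain has already been created earlier in this script, which the hunk does not show; if it has not, iptables rejects the rule and the BLUE MAC/IP rules that wirelessctrl writes into WIRELESSFORWARD are never consulted for forwarded traffic. Both jumps match only `--state NEW`, so these chains presumably depend on an established/related rule elsewhere for the rest of each connection. I would make the comment carry that, e.g. `# WIRELESS chains: filled by wirelessctrl (BLUE MAC/IP access); FORWARDFW must already exist here`. The enclosing `case` branch starts and ends outside the hunk.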
@@ -156,8 +156,8 @@ int main(void)
 safe_system(command);
 snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -m mac --mac-source %s -s %s -i %s ! -o %s -j ACCEPT", macaddress, ipaddress, blue_dev, green_dev);
 safe_system(command);
- snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -m mac --mac-source %s -s %s -i %s -j DMZHOLES", macaddress, ipaddress, blue_dev);
- safe_system(command);
+ /*snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -m mac --mac-source %s -s %s -i %s -j DMZHOLES", macaddress, ipaddress, blue_dev);
+ safe_system(command);*/
 } else { /* correctly formed mac address is 17 chars */
@@ -166,8 +166,8 @@ int main(void)
 safe_system(command);
 snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -m mac --mac-source %s -i %s ! -o %s -j ACCEPT", macaddress, blue_dev, green_dev);
 safe_system(command);
- snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -m mac --mac-source %s -i %s -j DMZHOLES", macaddress, blue_dev);
- safe_system(command);
+ /*snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -m mac --mac-source %s -i %s -j DMZHOLES", macaddress, blue_dev);
+ safe_system(command);*/
 } if (VALID_IP_AND_MASK(ipaddress)) {
@@ -175,8 +175,8 @@ int main(void)
 safe_system(command);
 snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -s %s -i %s ! -o %s -j ACCEPT", ipaddress, blue_dev, green_dev);
 safe_system(command);
- snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -s %s -i %s -j DMZHOLES", ipaddress, blue_dev);
- safe_system(command);
+ /*snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -s %s -i %s -j DMZHOLES", ipaddress, blue_dev);
+ safe_system(command);*/
 }
 }
 }
-- 
2.39.2
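Review bot: The DMZHOLES rule in this hunk, and the same rule in the hunks at -166 and -175, is switched off by wrapping the `snprintf`/`safe_system` pair in `/* … */` instead of deleting it, which leaves dead code naming a chain the commit message says no longer exists. Delete the two lines in each branch; if a marker is wanted, a short comment such as `/* no DMZHOLES jump: that chain no longer exists */` says more than the disabled call. It is also worth confirming what now decides traffic from an allowed BLUE client towards `green_dev`, since the remaining WIRELESSFORWARD rule only accepts packets with `! -o green_dev` and nothing visible in this diff replaces the removed jump. The branches start above each hunk, so other rules may exist that are not shown.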
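Review bot: In the MAC-only branch (hunk at -166) `macaddress` is formatted straight into the command string that `safe_system` runs, and the only validation this diff shows for it is the comment in the previous hunk that a well-formed address is 17 characters. A length test alone does not restrict which characters appear, so if `safe_system` passes the string to a shell (not visible here), a 17-character value from wherever `macaddress` is read could change the command that is executed. I would check that every position is a hex digit or `:` before the first `snprintf`, and treat an `snprintf` return of `STRING_SIZE-1` or more as an error rather than running a truncated rule. The condition guarding this branch is outside the hunk, so the existing check may already be stricter than the comment suggests.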