blob: 81a5e98918dc6a71c85a425373dae2582258fa1f (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
|
--- conf/up.sh.in.orig 2009-01-10 17:54:55.000000000 +0000
+++ conf/up.sh.in 2009-01-10 18:03:23.000000000 +0000
@@ -5,52 +5,5 @@
. @ETCCHILLI@/functions
-[ -e "@VARRUN@/chilli.iptables" ] && sh @VARRUN@/chilli.iptables 2>/dev/null
-rm -f @VARRUN@/chilli.iptables 2>/dev/null
-
-IF=$(basename $DEV)
-
-ipt() {
- opt=$1; shift
- echo "iptables -D $*" >> @VARRUN@/chilli.iptables
- iptables $opt $*
-}
-
-ipt_in() {
- ipt -A INPUT -i $IF $*
-}
-
-[ -n "$DHCPIF" ] && {
-
- [ -n "$UAMPORT" -a "$UAMPORT" != "0" ] && \
- ipt_in -p tcp -m tcp --dport $UAMPORT --dst $ADDR -j ACCEPT
-
- [ -n "$UAMUIPORT" -a "$UAMUIPORT" != "0" ] && \
- ipt_in -p tcp -m tcp --dport $UAMUIPORT --dst $ADDR -j ACCEPT
-
- [ -n "HS_TCP_PORTS" ] && {
- for port in $HS_TCP_PORTS; do
- ipt_in -p tcp -m tcp --dport $port --dst $ADDR -j ACCEPT
- done
- }
-
- ipt_in -p udp -d 255.255.255.255 --destination-port 67:68 -j ACCEPT
- ipt_in -p udp --dst $ADDR --dport 53 -j ACCEPT
-
- ipt -A INPUT -i $IF --dst $ADDR -j DROP
- ipt -A INPUT -i $IF -j DROP
-
- ipt -I FORWARD -i $DHCPIF -j DROP
- ipt -I FORWARD -o $DHCPIF -j DROP
- ipt -I FORWARD -i $IF -j ACCEPT
- ipt -I FORWARD -o $IF -j ACCEPT
-
- [ "$HS_LAN_ACCESS" != "on" -a "$HS_LAN_ACCESS" != "allow" ] && \
- ipt -I FORWARD -i $IF -o \! $HS_WANIF -j DROP
-
- [ "$HS_LOCAL_DNS" = "on" ] && \
- ipt -I PREROUTING -t nat -i $IF -p udp --dport 53 -j DNAT --to-destination $ADDR
-}
-
# site specific stuff optional
[ -e @ETCCHILLI@/ipup.sh ] && . @ETCCHILLI@/ipup.sh
|
