Difuse/luci
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

freifunk-firewall: Fix local_restrict lan protection, it didn't work on rc4 nor on backfire branch

Browse source
This commit is contained in:
Manuel Munz 2011-05-08 21:24:24 +00:00
parent 360673a6eb
commit cb5319f312
1 changed files with 2 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
contrib/package/freifunk-firewall/files/etc/hotplug.d/firewall/23-restricted-wan
View file

@ -18,9 +18,7 @@ clear_restricted_gw()
config_get gateway "$state" gateway
logger -t firewall.freifunk "removing local restriction to $iface($gateway)"
iptables -D "zone_${INTERFACE}_ACCEPT" ! -i $ifname -o $ifname -d $ipaddr/$netmask -j REJECT
iptables -D "zone_${INTERFACE}_ACCEPT" ! -i $ifname -o $ifname -d $gateway -j ACCEPT
iptables -D forwarding_rule ! -i $ifname -o $ifname -d $ipaddr/$netmask -j REJECT --reject-with icmp-host-prohibited
uci_revert_state firewall "$state"
fi
}
@ -56,9 +54,7 @@ if [ "$ACTION" = add ]; then
if [ "$local_restrict" = 1 ]; then
logger -t firewall.freifunk "restricting local access to $DEVICE($gateway)"
iptables -I "zone_${INTERFACE}_ACCEPT" ! -i $DEVICE -o $DEVICE -d $ipaddr/$netmask -j REJECT
iptables -I "zone_${INTERFACE}_ACCEPT" ! -i $DEVICE -o $DEVICE -d $gateway -j ACCEPT
iptables -I forwarding_rule ! -i $DEVICE -o $DEVICE -d $ipaddr/$netmask -j REJECT --reject-with icmp-host-prohibited
local state="restricted_gw_${INTERFACE}"
uci_set_state firewall "$state" "" restricted_gw_state
uci_set_state firewall "$state" iface "$INTERFACE"