authorJesse Gilles <jgilles@multitech.com>2013-12-19 17:01:41 -0600
committerJesse Gilles <jgilles@multitech.com>2013-12-19 17:01:41 -0600
commite7f7fd594fe8974efc97f02884113b134617f854 (patch)
treee510b69a3633d0037f567b3f703f9b8c27aaf6e7
parentd1d558fe1b6da8eee511c90a05c022edc90e5e1d (diff)
ocg-scripts: add lan-interfaces option to ocg-cell-router
-rwxr-xr-xmultitech/recipes/ocg-scripts/ocg-scripts-1.0/ocg-cell-router23
1 files changed, 17 insertions, 6 deletions
diff --git a/multitech/recipes/ocg-scripts/ocg-scripts-1.0/ocg-cell-router b/multitech/recipes/ocg-scripts/ocg-scripts-1.0/ocg-cell-router
index 0d48a9e..27287e0 100755
--- a/multitech/recipes/ocg-scripts/ocg-scripts-1.0/ocg-cell-router
+++ b/multitech/recipes/ocg-scripts/ocg-scripts-1.0/ocg-cell-router
@@ -3,6 +3,8 @@
set -e
do_start() {
+ lan_interfaces=$(echo "$1" | sed "s/,/ /g")
+
echo "Configuring firewall rules..."
# Flush all the tables first
iptables -t filter -F
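Review bot: `lan_interfaces` on the first added line is assigned without `local`, so it leaks out of `do_start` as a global, and the `echo "$1" | sed` pipeline is heavier than needed in a script that already relies on bash (`[[ ]]` appears later in this diff): `local lan_interfaces=${1//,/ }` does the same comma-to-space rewrite without two forks. Note that the list is later expanded unquoted (`for i in $lan_interfaces`), which is what makes the word-splitting work but also subjects each name to pathname expansion, so a name containing `*` or `?` could be replaced by matching filenames from the current directory; worth a comment such as `# NOTE: expanded unquoted on purpose (word-splitting); names are not validated here` or a `set -f` around the loops. `do_start` continues past the end of this hunk.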
@@ -16,8 +18,13 @@ do_start() {
# Allow packets in for existing socket connections
iptables -t filter -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
- # Accept all from LAN (Wired)
+ # Accept all from LAN interfaces (always accept on eth0)
iptables -t filter -A INPUT -i eth0 -j ACCEPT
+ for i in $lan_interfaces; do
+ if [ "$i" != "eth0" ]; then
+ iptables -t filter -A INPUT -i $i -j ACCEPT
+ fi
+ done
# Accept ssh from the LAN (Wired)
#iptables -t filter -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
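Review bot: The loop over `$lan_interfaces` only skips `eth0` (to avoid a duplicate rule) and otherwise passes each name straight to `iptables -A INPUT -i $i -j ACCEPT` with no validation, so an operator error such as `ppp0`, or a name ending in `+` (which iptables treats as an interface-name wildcard, `+` alone matching every interface), turns the cellular side into a fully accepted INPUT source. Since the rest of the file treats `ppp0` as the WAN, the loop should refuse that name and anything that is not a plain interface name, and `$i` should be quoted. The usage text added in this commit could also state that the WAN interface must not be listed. `do_start` continues past the end of this hunk.

```shell
for i in $lan_interfaces; do
  # Refuse the WAN interface and anything that is not a plain interface name:
  # a trailing '+' is an iptables wildcard and would match ppp0 as well.
  case "$i" in
    eth0) continue ;;
    ppp0|*[!A-Za-z0-9_.:-]*) echo "Invalid LAN interface: $i" >&2; exit 1 ;;
  esac
  iptables -t filter -A INPUT -i "$i" -j ACCEPT
done
```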
@@ -31,10 +38,12 @@ do_start() {
# Accept http from the WAN (Wireless)
#iptables -t filter -A INPUT -i ppp0 -p tcp --dport 80 -j ACCEPT
- # Allow packet fowarding from eth0 to ppp0 (cell router)
+ # Allow packet fowarding from LAN interfaces to ppp0 (cell router)
iptables -t filter -P FORWARD DROP
iptables -t filter -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
- iptables -t filter -A FORWARD -i eth0 -o ppp0 -j ACCEPT
+ for i in $lan_interfaces; do
+ iptables -t filter -A FORWARD -i $i -o ppp0 -j ACCEPT
+ done
# Allow all output packets
iptables -t filter -P OUTPUT ACCEPT
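Review bot: The FORWARD loop has no `eth0` special case, unlike the INPUT loop earlier in this commit, so when `lan-interfaces` is given without `eth0` the box still accepts all INPUT on eth0 ("always accept on eth0") but eth0-to-ppp0 forwarding falls to the `FORWARD DROP` policy; that may be intended, but the asymmetry is not stated anywhere. If it is intended, a comment on the loop such as `# eth0 is only forwarded when listed in lan-interfaces (INPUT accepts it unconditionally)` would save the next reader a debugging session; if not, seed the loop with eth0 the same way INPUT does. Also quote the expansion, `iptables -t filter -A FORWARD -i "$i" -o ppp0 -j ACCEPT`, to match the validation the INPUT side will need. This hunk is in the middle of `do_start`, whose start and end are outside it.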
@@ -65,14 +74,16 @@ do_stop() {
echo "Done"
}
-if [[ $# -ne 1 ]]; then
- echo "Usage: $(basename $0) start|stop"
+if [[ $# < 1 || $# > 2 ]]; then
+ echo "Usage: $(basename $0) start|stop [lan-interfaces]"
+ echo " lan-interfaces: comma-separated list of LAN interfaces to forward to cellular"
+ echo " defaults to \"eth0\""
exit 1
fi
case $1 in
start)
- do_start
+ do_start "${2:-eth0}"
;;
stop)
do_stop
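Review bot: The new argument check `[[ $# < 1 || $# > 2 ]]` compares as strings inside `[[ ]]`, not as integers, so it happens to work for 0–9 arguments but `$#` of 10 or more slips through (`"10" > "2"` is false lexicographically); use `[[ $# -lt 1 || $# -gt 2 ]]` or `(( $# < 1 || $# > 2 ))`. The usage text is printed to stdout rather than stderr, and `$(basename $0)` is unquoted; `echo "Usage: $(basename "$0") start|stop [lan-interfaces]" >&2` fixes both. A second argument given with `stop` is accepted and silently ignored, which is harmless but worth noting in the usage line as `start [lan-interfaces]|stop`. The `case` that begins in this hunk closes outside it.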