authorJesse Gilles <jgilles@multitech.com>2011-06-28 15:16:57 -0500
committerJesse Gilles <jgilles@multitech.com>2011-06-28 15:16:57 -0500
commitb23d1d80a23e8ce1910ba7c5006a4fddf3325c7d (patch)
tree40a273fff1fab26a90870668e232b4d79b5ea908 /multitech/contrib/ppp-masq-fw
initial work on multitech bitbake layer for CoreCDP
Diffstat (limited to 'multitech/contrib/ppp-masq-fw')
-rw-r--r--multitech/contrib/ppp-masq-fw34
1 files changed, 34 insertions, 0 deletions
diff --git a/multitech/contrib/ppp-masq-fw b/multitech/contrib/ppp-masq-fw
new file mode 100644
index 0000000..f8b9718
--- /dev/null
+++ b/multitech/contrib/ppp-masq-fw
@@ -0,0 +1,34 @@
+#!/usr/bin/env bash
+
+# Flush all the tables first
+iptables -t filter -F
+iptables -t nat -F
+iptables -t mangle -F
+
+iptables -t filter -P INPUT DROP
+iptables -t filter -A INPUT -i lo -j ACCEPT
+iptables -t filter -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+
+# Accept ssh from the LAN (Wired)
+iptables -t filter -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
+# Accept http from the LAN (Wired)
+iptables -t filter -A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT
+# Accept tftp from the LAN (Wired)
+#iptables -t filter -A INPUT -i eth0 -p udp --dport 69 -j ACCEPT
+
+# Accept ssh from the WAN (Wireless)
+#iptables -t filter -A INPUT -i ppp0 -p tcp --dport 22 -j ACCEPT
+# Accept http from the WAN (Wireless)
+#iptables -t filter -A INPUT -i ppp0 -p tcp --dport 80 -j ACCEPT
+
+iptables -t filter -P FORWARD DROP
+iptables -t filter -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
+iptables -t filter -A FORWARD -i eth0 -o ppp0 -j ACCEPT
+
+iptables -t filter -P OUTPUT ACCEPT
+
+iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
+
+# turn on packet forwarding last
+echo 1 > /proc/sys/net/ipv4/ip_forward
+
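Review bot: The last line, `echo 1 > /proc/sys/net/ipv4/ip_forward`, runs even when an earlier `iptables` call has failed, because the script has no error handling. If `iptables -t filter -P FORWARD DROP` or one of the `-m state` rules does not load (for example, a missing kernel module), forwarding is switched on behind an incomplete filter. Adding `set -e` directly under the shebang would make the script stop before forwarding is enabled. It would also help to add a header comment stating that eth0 is the trusted LAN side and ppp0 the untrusted WAN side, since every rule depends on that. Separately, only IPv4 is covered; if IPv6 can come up on ppp0, which this file does not show, the `ip6tables` policies need the same default-drop treatment.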