path: root/multitech/recipes/ocg-scripts/ocg-scripts-1.0/ocg-cell-router
authorJesse Gilles <jgilles@multitech.com>2013-12-18 16:14:37 -0600
committerJesse Gilles <jgilles@multitech.com>2013-12-18 16:14:37 -0600
commitb034563347d34f7e9062dd50bc0a10b810837696 (patch)
treeca8683328c12f168b4e9cc907009ca8bf428610b /multitech/recipes/ocg-scripts/ocg-scripts-1.0/ocg-cell-router
parent9ce0e4e887b2ab1b25de3cd41a3f733d3779a7bf (diff)
ocg-scripts: add ocg-cell-router, ocg-set-apn, remove .sh from others
Diffstat (limited to 'multitech/recipes/ocg-scripts/ocg-scripts-1.0/ocg-cell-router')
-rwxr-xr-xmultitech/recipes/ocg-scripts/ocg-scripts-1.0/ocg-cell-router83
1 files changed, 83 insertions, 0 deletions
diff --git a/multitech/recipes/ocg-scripts/ocg-scripts-1.0/ocg-cell-router b/multitech/recipes/ocg-scripts/ocg-scripts-1.0/ocg-cell-router
new file mode 100755
index 0000000..0d48a9e
--- /dev/null
+++ b/multitech/recipes/ocg-scripts/ocg-scripts-1.0/ocg-cell-router
@@ -0,0 +1,83 @@
+#!/usr/bin/env bash
+
+set -e
+
+do_start() {
+ echo "Configuring firewall rules..."
+ # Flush all the tables first
+ iptables -t filter -F
+ iptables -t nat -F
+ iptables -t mangle -F
+
+ # Drop all incoming packets by default
+ iptables -t filter -P INPUT DROP
+ # Accept all on local loopback
+ iptables -t filter -A INPUT -i lo -j ACCEPT
+ # Allow packets in for existing socket connections
+ iptables -t filter -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+
+ # Accept all from LAN (Wired)
+ iptables -t filter -A INPUT -i eth0 -j ACCEPT
+
+ # Accept ssh from the LAN (Wired)
+ #iptables -t filter -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
+ # Accept http from the LAN (Wired)
+ #iptables -t filter -A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT
+ # Accept tftp from the LAN (Wired)
+ #iptables -t filter -A INPUT -i eth0 -p udp --dport 69 -j ACCEPT
+
+ # Accept ssh from the WAN (Wireless)
+ #iptables -t filter -A INPUT -i ppp0 -p tcp --dport 22 -j ACCEPT
+ # Accept http from the WAN (Wireless)
+ #iptables -t filter -A INPUT -i ppp0 -p tcp --dport 80 -j ACCEPT
+
+ # Allow packet fowarding from eth0 to ppp0 (cell router)
+ iptables -t filter -P FORWARD DROP
+ iptables -t filter -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
+ iptables -t filter -A FORWARD -i eth0 -o ppp0 -j ACCEPT
+
+ # Allow all output packets
+ iptables -t filter -P OUTPUT ACCEPT
+
+ # enable NAT for cell router
+ iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
+
+ echo "Enabling packet forwarding..."
+ # turn on packet forwarding last
+ echo 1 > /proc/sys/net/ipv4/ip_forward
+ echo "Done"
+}
+
+do_stop() {
+ echo "Clearing firewall rules..."
+ # clear all tables
+ iptables -t filter -F
+ iptables -t nat -F
+ iptables -t mangle -F
+ # reset policies to ACCEPT
+ iptables -t filter -P INPUT ACCEPT
+ iptables -t filter -P OUTPUT ACCEPT
+ iptables -t filter -P FORWARD ACCEPT
+
+ # turn off packet forwarding
+ echo "Disabling packet forwarding..."
+ echo 0 > /proc/sys/net/ipv4/ip_forward
+ echo "Done"
+}
+
+if [[ $# -ne 1 ]]; then
+ echo "Usage: $(basename $0) start|stop"
+ exit 1
+fi
+
+case $1 in
+ start)
+ do_start
+ ;;
+ stop)
+ do_stop
+ ;;
+esac
+
+exit 0
+
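Review bot: The `case $1 in` at the bottom has no default arm, so any argument other than `start`/`stop` (a typo, `restart`, an empty string) falls through and the script reaches `exit 0` without touching the firewall, reporting success to whatever called it. A fallback arm such as `*) echo "Usage: $(basename "$0") start|stop" >&2; exit 1 ;;` makes the misuse visible and lets a caller or init script react; while there, quoting `$0` in the existing usage line avoids word-splitting. Note also that under `set -e` a failing `iptables` call after the `-P INPUT DROP` line aborts with the DROP policy set but the loopback and ESTABLISHED accepts not yet added, which can lock out an operator; moving the policy change after the accept rules, or applying the rule set atomically via `iptables-restore`, avoids that partial state. Finally, only `iptables` is configured, so if IPv6 is enabled on this device the INPUT/FORWARD DROP policies do not cover it — worth confirming against the target's kernel configuration.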