#!/usr/bin/env bash

# Abort on the first failing command so a half-applied rule set is never
# reported as "Done". Because do_start sets the INPUT policy to DROP before
# adding its ACCEPT rules, a failure after that point leaves the policy in
# place (fail closed rather than open).
set -o errexit

#######################################
# Install the cell-router firewall: default-deny INPUT and FORWARD,
# LAN (eth0) -> cellular (ppp0) forwarding with masquerading, then
# enable IPv4 forwarding.
# Globals:   none
# Arguments: none
# Outputs:   progress messages on stdout
# Returns:   exits via set -e if any iptables/proc write fails
#######################################
do_start() {
	local table
	printf '%s\n' "Configuring firewall rules..."
	# Start from empty rule sets in every table this script manages
	for table in filter nat mangle; do
		iptables -t "$table" -F
	done

	# INPUT: default-deny, then re-open loopback and reply traffic
	iptables -t filter -P INPUT DROP
	iptables -t filter -A INPUT -i lo -j ACCEPT
	iptables -t filter -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

	# The wired LAN side is fully trusted: anything arriving on eth0 is
	# accepted. NOTE(review): this exposes every local listener to the LAN;
	# the per-service rules below are the narrower alternative.
	iptables -t filter -A INPUT -i eth0 -j ACCEPT

	# Per-service alternatives to the blanket eth0 rule (disabled):
	# ssh, http and tftp from the wired LAN
	#iptables -t filter -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
	#iptables -t filter -A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT
	#iptables -t filter -A INPUT -i eth0 -p udp --dport 69 -j ACCEPT

	# Management from the cellular (WAN) side stays closed by the INPUT
	# DROP policy unless one of these is enabled: ssh, http from ppp0
	#iptables -t filter -A INPUT -i ppp0 -p tcp --dport 22 -j ACCEPT
	#iptables -t filter -A INPUT -i ppp0 -p tcp --dport 80 -j ACCEPT

	# FORWARD: only LAN -> cellular may originate flows; replies return
	# through the conntrack rule
	iptables -t filter -P FORWARD DROP
	iptables -t filter -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
	iptables -t filter -A FORWARD -i eth0 -o ppp0 -j ACCEPT

	# Locally generated traffic is unrestricted
	iptables -t filter -P OUTPUT ACCEPT

	# Source-NAT forwarded traffic behind the cellular interface address
	iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

	printf '%s\n' "Enabling packet forwarding..."
	# Forwarding is enabled last, after the FORWARD policy and NAT rule exist
	echo 1 > /proc/sys/net/ipv4/ip_forward
	printf '%s\n' "Done"
}

#######################################
# Tear down the firewall: flush every managed table, reset the filter
# chain policies to ACCEPT and disable IPv4 forwarding.
# Globals:   none
# Arguments: none
# Outputs:   progress messages on stdout
# Returns:   exits via set -e if any iptables/proc write fails
#######################################
do_stop() {
	local table chain
	printf '%s\n' "Clearing firewall rules..."
	for table in filter nat mangle; do
		iptables -t "$table" -F
	done
	# Built-in filter chains go back to the permissive default.
	# NOTE(review): after this the host accepts on every interface,
	# including ppp0, until do_start runs again.
	for chain in INPUT OUTPUT FORWARD; do
		iptables -t filter -P "$chain" ACCEPT
	done

	printf '%s\n' "Disabling packet forwarding..."
	echo 0 > /proc/sys/net/ipv4/ip_forward
	printf '%s\n' "Done"
}

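# Entry point: exactly one action argument, "start" or "stop".
# Any other value now prints usage and exits 1 — previously an unmatched
# case arm fell through to "exit 0", so a typo such as "stpo" reported
# success without touching the firewall. Usage uses ${0##*/} instead of an
# unquoted basename call so paths with spaces cannot word-split.
if [[ $# -ne 1 ]]; then
	echo "Usage: ${0##*/} start|stop"
	exit 1
fi

case "$1" in
	start)
		do_start
		;;
	stop)
		do_stop
		;;
	*)
		echo "Usage: ${0##*/} start|stop"
		exit 1
		;;
esac

exit 0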