summaryrefslogtreecommitdiff
path: root/recipes-core/mlinux-scripts/mlinux-scripts-1.1/mlinux-cell-router
diff options
context:
space:
mode:
Diffstat (limited to 'recipes-core/mlinux-scripts/mlinux-scripts-1.1/mlinux-cell-router')
-rwxr-xr-xrecipes-core/mlinux-scripts/mlinux-scripts-1.1/mlinux-cell-router147
1 files changed, 0 insertions, 147 deletions
diff --git a/recipes-core/mlinux-scripts/mlinux-scripts-1.1/mlinux-cell-router b/recipes-core/mlinux-scripts/mlinux-scripts-1.1/mlinux-cell-router
deleted file mode 100755
index 1607c32..0000000
--- a/recipes-core/mlinux-scripts/mlinux-scripts-1.1/mlinux-cell-router
+++ /dev/null
@@ -1,147 +0,0 @@
-#!/usr/bin/env bash
-
-# Copyright (C) 2014 Multi-Tech Systems
-
-# Permission is hereby granted, free of charge, to any person obtaining a copy
-# of this software and associated documentation files (the "Software"), to deal
-# in the Software without restriction, including without limitation the rights
-# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-# copies of the Software, and to permit persons to whom the Software is
-# furnished to do so, subject to the following conditions:
-
-# The above copyright notice and this permission notice shall be included in
-# all copies or substantial portions of the Software.
-
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-# THE SOFTWARE.
-
-set -e
-
-do_start() {
- lan_interfaces=$(echo "$lan" | sed "s/,/ /g")
-
- echo "Configuring firewall rules..."
- # Flush all the tables first
- iptables -t filter -F
- iptables -t nat -F
- iptables -t mangle -F
-
- # Drop all incoming packets by default
- iptables -t filter -P INPUT DROP
- # Accept all on local loopback
- iptables -t filter -A INPUT -i lo -j ACCEPT
- # Allow packets in for existing socket connections
- iptables -t filter -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-
- # Accept all from LAN interfaces
- for i in $lan_interfaces; do
- iptables -t filter -A INPUT -i $i -j ACCEPT
-
- # Accept ssh from the LAN (Wired)
- #iptables -t filter -A INPUT -i $i -p tcp --dport 22 -j ACCEPT
- # Accept http from the LAN (Wired)
- #iptables -t filter -A INPUT -i $i -p tcp --dport 80 -j ACCEPT
- # Accept tftp from the LAN (Wired)
- #iptables -t filter -A INPUT -i $i -p udp --dport 69 -j ACCEPT
- done
-
- # Accept ssh from the WAN (Wireless)
- #iptables -t filter -A INPUT -i $wan -p tcp --dport 22 -j ACCEPT
- # Accept http from the WAN (Wireless)
- #iptables -t filter -A INPUT -i $wan -p tcp --dport 80 -j ACCEPT
-
- # Allow packet fowarding from LAN interfaces to WAN (cell router)
- iptables -t filter -P FORWARD DROP
- iptables -t filter -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
- for i in $lan_interfaces; do
- iptables -t filter -A FORWARD -i $i -o $wan -j ACCEPT
- done
-
- # Allow all output packets
- iptables -t filter -P OUTPUT ACCEPT
-
- # enable NAT for cell router
- iptables -t nat -A POSTROUTING -o $wan -j MASQUERADE
-
- echo "Enabling packet forwarding..."
- # turn on packet forwarding last
- echo 1 > /proc/sys/net/ipv4/ip_forward
- echo "Done"
-}
-
-do_stop() {
- echo "Clearing firewall rules..."
- # clear all tables
- iptables -t filter -F
- iptables -t nat -F
- iptables -t mangle -F
- # reset policies to ACCEPT
- iptables -t filter -P INPUT ACCEPT
- iptables -t filter -P OUTPUT ACCEPT
- iptables -t filter -P FORWARD ACCEPT
-
- # turn off packet forwarding
- echo "Disabling packet forwarding..."
- echo 0 > /proc/sys/net/ipv4/ip_forward
- echo "Done"
-}
-
-usage() {
- echo "Usage: $(basename $0) start|stop [options]"
- echo " options:"
- echo " -l <lan-interfaces> LAN interfaces to allow, comma-separated (defaults to \"eth0\")"
- echo " -w <wan-interface> WAN interface to route out (defaults to \"ppp0\")"
- exit 1
-}
-
-# main
-if [[ $# < 1 ]]; then
- usage
-fi
-
-cmd=$1
-shift
-
-while getopts "l:w:h" opt; do
- case "$opt" in
- l)
- l=$OPTARG
- ;;
- w)
- w=$OPTARG
- ;;
- h)
- usage
- ;;
- *)
- usage
- ;;
- esac
-done
-
-# default lan to eth0 if not specified
-lan=${l-eth0}
-# default wan to ppp0 if not specified
-wan=${w-ppp0}
-
-case $cmd in
- start)
- echo "LAN: $lan"
- echo "WAN: $wan"
- do_start
- ;;
- stop)
- do_stop
- ;;
- *)
- usage
- ;;
-esac
-
-exit 0
-