Diffstat (limited to 'recipes-core/mlinux-scripts/mlinux-scripts-1.1/mlinux-cell-router')
-rwxr-xr-x | recipes-core/mlinux-scripts/mlinux-scripts-1.1/mlinux-cell-router | 147 |
1 files changed, 0 insertions, 147 deletions
diff --git a/recipes-core/mlinux-scripts/mlinux-scripts-1.1/mlinux-cell-router b/recipes-core/mlinux-scripts/mlinux-scripts-1.1/mlinux-cell-router
deleted file mode 100755
index 1607c32..0000000
--- a/recipes-core/mlinux-scripts/mlinux-scripts-1.1/mlinux-cell-router
+++ /dev/null
@@ -1,147 +0,0 @@
-#!/usr/bin/env bash
-
-# Copyright (C) 2014 Multi-Tech Systems
-
-# Permission is hereby granted, free of charge, to any person obtaining a copy
-# of this software and associated documentation files (the "Software"), to deal
-# in the Software without restriction, including without limitation the rights
-# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-# copies of the Software, and to permit persons to whom the Software is
-# furnished to do so, subject to the following conditions:
-
-# The above copyright notice and this permission notice shall be included in
-# all copies or substantial portions of the Software.
-
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-# THE SOFTWARE.
-
-set -e
-
-do_start() {
- lan_interfaces=$(echo "$lan" | sed "s/,/ /g")
-
- echo "Configuring firewall rules..."
- # Flush all the tables first
- iptables -t filter -F
- iptables -t nat -F
- iptables -t mangle -F
-
- # Drop all incoming packets by default
- iptables -t filter -P INPUT DROP
- # Accept all on local loopback
- iptables -t filter -A INPUT -i lo -j ACCEPT
- # Allow packets in for existing socket connections
- iptables -t filter -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-
- # Accept all from LAN interfaces
- for i in $lan_interfaces; do
- iptables -t filter -A INPUT -i $i -j ACCEPT
-
- # Accept ssh from the LAN (Wired)
- #iptables -t filter -A INPUT -i $i -p tcp --dport 22 -j ACCEPT
- # Accept http from the LAN (Wired)
- #iptables -t filter -A INPUT -i $i -p tcp --dport 80 -j ACCEPT
- # Accept tftp from the LAN (Wired)
- #iptables -t filter -A INPUT -i $i -p udp --dport 69 -j ACCEPT
- done
-
- # Accept ssh from the WAN (Wireless)
- #iptables -t filter -A INPUT -i $wan -p tcp --dport 22 -j ACCEPT
- # Accept http from the WAN (Wireless)
- #iptables -t filter -A INPUT -i $wan -p tcp --dport 80 -j ACCEPT
-
- # Allow packet fowarding from LAN interfaces to WAN (cell router)
- iptables -t filter -P FORWARD DROP
- iptables -t filter -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
- for i in $lan_interfaces; do
- iptables -t filter -A FORWARD -i $i -o $wan -j ACCEPT
- done
-
- # Allow all output packets
- iptables -t filter -P OUTPUT ACCEPT
-
- # enable NAT for cell router
- iptables -t nat -A POSTROUTING -o $wan -j MASQUERADE
-
- echo "Enabling packet forwarding..."
- # turn on packet forwarding last
- echo 1 > /proc/sys/net/ipv4/ip_forward
- echo "Done"
-}
-
-do_stop() {
- echo "Clearing firewall rules..."
- # clear all tables
- iptables -t filter -F
- iptables -t nat -F
- iptables -t mangle -F
- # reset policies to ACCEPT
- iptables -t filter -P INPUT ACCEPT
- iptables -t filter -P OUTPUT ACCEPT
- iptables -t filter -P FORWARD ACCEPT
-
- # turn off packet forwarding
- echo "Disabling packet forwarding..."
- echo 0 > /proc/sys/net/ipv4/ip_forward
- echo "Done"
-}
-
-usage() {
- echo "Usage: $(basename $0) start|stop [options]"
- echo " options:"
- echo " -l <lan-interfaces> LAN interfaces to allow, comma-separated (defaults to \"eth0\")"
- echo " -w <wan-interface> WAN interface to route out (defaults to \"ppp0\")"
- exit 1
-}
-
-# main
-if [[ $# < 1 ]]; then
- usage
-fi
-
-cmd=$1
-shift
-
-while getopts "l:w:h" opt; do
- case "$opt" in
- l)
- l=$OPTARG
- ;;
- w)
- w=$OPTARG
- ;;
- h)
- usage
- ;;
- *)
- usage
- ;;
- esac
-done
-
-# default lan to eth0 if not specified
-lan=${l-eth0}
-# default wan to ppp0 if not specified
-wan=${w-ppp0}
-
-case $cmd in
- start)
- echo "LAN: $lan"
- echo "WAN: $wan"
- do_start
- ;;
- stop)
- do_stop
- ;;
- *)
- usage
- ;;
-esac
-
-exit 0
-
|