Diffstat (limited to 'contrib/multitech/ppp-masq-fw')
-rw-r--r--contrib/multitech/ppp-masq-fw34
1 files changed, 34 insertions, 0 deletions
diff --git a/contrib/multitech/ppp-masq-fw b/contrib/multitech/ppp-masq-fw
new file mode 100644
index 0000000000..f8b971808d
--- /dev/null
+++ b/contrib/multitech/ppp-masq-fw
@@ -0,0 +1,34 @@
+#!/usr/bin/env bash
+
+# Flush all the tables first
+iptables -t filter -F
+iptables -t nat -F
+iptables -t mangle -F
+
+iptables -t filter -P INPUT DROP
+iptables -t filter -A INPUT -i lo -j ACCEPT
+iptables -t filter -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+
+# Accept ssh from the LAN (Wired)
+iptables -t filter -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
+# Accept http from the LAN (Wired)
+iptables -t filter -A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT
+# Accept tftp from the LAN (Wired)
+#iptables -t filter -A INPUT -i eth0 -p udp --dport 69 -j ACCEPT
+
+# Accept ssh from the WAN (Wireless)
+#iptables -t filter -A INPUT -i ppp0 -p tcp --dport 22 -j ACCEPT
+# Accept http from the WAN (Wireless)
+#iptables -t filter -A INPUT -i ppp0 -p tcp --dport 80 -j ACCEPT
+
+iptables -t filter -P FORWARD DROP
+iptables -t filter -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
+iptables -t filter -A FORWARD -i eth0 -o ppp0 -j ACCEPT
+
+iptables -t filter -P OUTPUT ACCEPT
+
+iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
+
+# turn on packet forwarding last
+echo 1 > /proc/sys/net/ipv4/ip_forward
+
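Review bot: Nothing in this script stops on failure, so if any `iptables` call fails (for instance one of the `-P ... DROP` lines), execution still reaches `echo 1 > /proc/sys/net/ipv4/ip_forward` and forwarding is turned on with an incomplete rule set. Adding `set -e` directly after the shebang would make the script stop before that last line. The three `-F` flushes at the top also run before `-P INPUT DROP` and `-P FORWARD DROP`, so for a moment the chains are empty under whatever policy was in place before; setting the DROP policies first and flushing afterwards closes that window. Only IPv4 is covered here; if IPv6 is enabled on ppp0 (not visible from this file), the same default-deny would need matching `ip6tables` rules.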