mirror of
https://github.com/iiab/iiab.git
synced 2025-02-13 19:52:06 +00:00
Apply @jvonau's "$lan" != "none" to fwd'ing (not just masq'ing)
This commit is contained in:
A Holt
GitHub
parent
7012946f1b
commit
a68ae48b4e
1 changed files with 17 additions and 16 deletions
|
|
@ -163,8 +163,9 @@ if [ "$wan" != "none" ]; then
|
||||||
$IPTABLES -A INPUT -p tcp -m multiport --dports $samba_tcp_mports -m state --state NEW -i $wan -j ACCEPT
|
$IPTABLES -A INPUT -p tcp -m multiport --dports $samba_tcp_mports -m state --state NEW -i $wan -j ACCEPT
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [ "$lan" != "none" ]; then
|
||||||
# Typically False, to keep client machines (e.g. students) off the Internet
|
# Typically False, to keep client machines (e.g. students) off the Internet
|
||||||
if [ "$iiab_gateway_enabled" == "True" ] && [ "$lan" != "none" ]; then
|
if [ "$iiab_gateway_enabled" == "True" ]; then
|
||||||
$IPTABLES -A POSTROUTING -t nat -o $wan -j MASQUERADE
|
$IPTABLES -A POSTROUTING -t nat -o $wan -j MASQUERADE
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
@ -180,13 +181,13 @@ if [ "$wan" != "none" ]; then
|
||||||
$IPTABLES -A FORWARD -i $wan -o $lan -j DROP
|
$IPTABLES -A FORWARD -i $wan -o $lan -j DROP
|
||||||
# Enable routing (kernel IP forwarding)
|
# Enable routing (kernel IP forwarding)
|
||||||
echo 1 > /proc/sys/net/ipv4/ip_forward
|
echo 1 > /proc/sys/net/ipv4/ip_forward
|
||||||
|
fi
|
||||||
|
|
||||||
# 5 = "all but databases"
|
# 5 = "all but databases"
|
||||||
if [ "$ports_externally_visible" -lt 5 ]; then
|
if [ "$ports_externally_visible" -lt 5 ]; then
|
||||||
# Drop everything else arriving via WAN
|
# Drop everything else arriving via WAN
|
||||||
$IPTABLES -A INPUT -i $wan -j DROP
|
$IPTABLES -A INPUT -i $wan -j DROP
|
||||||
fi
|
fi
|
||||||
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# TCP & UDP block of DNS port 53 if truly nec
|
# TCP & UDP block of DNS port 53 if truly nec
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue