add an initscript
[openwrt.git] / openwrt / package / base-files / default / etc / firewall.user
1 #!/bin/sh
2 . /etc/functions.sh
3
4 WAN=$(nvram get wan_ifname)
5 LAN=$(nvram get lan_ifname)
6
7 iptables -F input_rule
8 iptables -F output_rule
9 iptables -F forwarding_rule
10 iptables -t nat -F prerouting_rule
11 iptables -t nat -F postrouting_rule
12
13 ### BIG FAT DISCLAIMER
14 ### The "-i $WAN" literally means packets that came in over the $WAN interface;
15 ### this WILL NOT MATCH packets sent from the LAN to the WAN address.
16
17 ### Allow SSH on the WAN interface
18 # iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 22 -j ACCEPT
19 # iptables -A input_rule -i $WAN -p tcp --dport 22 -j ACCEPT
20
21 ### Port forwarding
22 # iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 22 -j DNAT --to 192.168.1.2
23 # iptables -A forwarding_rule -i $WAN -p tcp --dport 22 -d 192.168.1.2 -j ACCEPT
24
25 ### DMZ (should be placed after port forwarding / accept rules)
26 # iptables -t nat -A prerouting_rule -i $WAN -j DNAT --to 192.168.1.2
27 # iptables -A forwarding_rule -i $WAN -d 192.168.1.2 -j ACCEPT
This page took 0.051126 seconds and 5 git commands to generate.