X-Git-Url: http://git.rohieb.name/openwrt.git/blobdiff_plain/dd755e947f8ae1e657dfa6c16b7756d78074e013..934e35c9dc1f189fe6714edd7d3f05d6918e07ba:/target/default/target_skeleton/etc/init.d/S45firewall
diff --git a/target/default/target_skeleton/etc/init.d/S45firewall b/target/default/target_skeleton/etc/init.d/S45firewall
index a50663725..51c35b03a 100755
--- a/target/default/target_skeleton/etc/init.d/S45firewall
+++ b/target/default/target_skeleton/etc/init.d/S45firewall
@@ -1,4 +1,5 @@
 #!/bin/sh
+${FAILSAFE:+return}
 . /etc/functions.sh
 WAN=$(nvram get wan_ifname)
 LAN=$(nvram get lan_ifname)
@@ -16,10 +17,18 @@ iptables -N forwarding_rule
 iptables -t nat -N prerouting_rule
 iptables -t nat -N postrouting_rule
+### Allow SSH from WAN
+# iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 22 -j ACCEPT
+# iptables -A input_rule -i $WAN -p tcp --dport 22 -j ACCEPT
+
 ### Port forwarding
 # iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 22 -j DNAT --to 192.168.1.2
 # iptables -A forwarding_rule -i $WAN -p tcp --dport 22 -d 192.168.1.2 -j ACCEPT
+### DMZ (should be placed after port forwarding / accept rules)
+# iptables -t nat -A prerouting_rule -i $WAN -j DNAT --to 192.168.1.2
+# iptables -A forwarding_rule -i $WAN -d 192.168.1.2 -j ACCEPT
+
 ### INPUT
 ### (connections with the router as destination)
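Review bot: The added `${FAILSAFE:+return}` at the top of the first hunk makes the script bail out before any iptables rule is installed whenever FAILSAFE is non-empty, and nothing documents that; a comment such as `# failsafe boot: skip firewall setup entirely so the box stays reachable for recovery` would make the trade-off explicit. `return` outside a function is only well-defined when the file is sourced; if the init runner executes the script instead, the result depends on the shell, so it is worth confirming how the S* scripts are started (not visible in this diff). Because the switch is an environment variable, it would also help to state where FAILSAFE is set, since whatever sets it leaves the box without the rules this script installs.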
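Review bot: The commented "Allow SSH from WAN" example in the second hunk accepts port 22 from any source on the WAN interface, so anyone who uncomments it as written exposes the router's SSH daemon to every host that can reach the WAN side. I would show the restricted form in the template, e.g. `# iptables -A input_rule -i $WAN -p tcp --dport 22 -s <trusted-addr> -j ACCEPT`, with a comment that the source should be narrowed. The DMZ example likewise deserves a line noting that it sends every WAN connection not caught by an earlier rule to 192.168.1.2, which looks like an address on the LAN, so that host should be treated as untrusted by its neighbours. `$WAN` is unquoted in all four new lines; an empty result from `nvram get wan_ifname` would produce a malformed rule, which is worth a guard once these are enabled.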