5774f0c64acdbaca21580784e532da58168e9ec6
[openwrt.git] / package / base-files / default / etc / firewall.user
1 #!/bin/sh
2 . /etc/functions.sh
3 . /etc/network.overrides
4 [ "$FAILSAFE" != "true" -a -e /etc/config/network ] && . /etc/config/network
5
6 WAN=$(nvram get wan_ifname)
7 LAN=$(nvram get lan_ifname)
8
9 iptables -F input_rule
10 iptables -F output_rule
11 iptables -F forwarding_rule
12 iptables -t nat -F prerouting_rule
13 iptables -t nat -F postrouting_rule
14
15 ### BIG FAT DISCLAIMER
16 ### The "-i $WAN" literally means packets that came in over the $WAN interface;
17 ### this WILL NOT MATCH packets sent from the LAN to the WAN address.
18
19 ### Allow SSH on the WAN interface
20 # iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 22 -j ACCEPT
21 # iptables -A input_rule -i $WAN -p tcp --dport 22 -j ACCEPT
22
23 ### Port forwarding
24 # iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 22 -j DNAT --to 192.168.1.2
25 # iptables -A forwarding_rule -i $WAN -p tcp --dport 22 -d 192.168.1.2 -j ACCEPT
26
27 ### DMZ (should be placed after port forwarding / accept rules)
28 # iptables -t nat -A prerouting_rule -i $WAN -j DNAT --to 192.168.1.2
29 # iptables -A forwarding_rule -i $WAN -d 192.168.1.2 -j ACCEPT
This page took 0.041185 seconds and 3 git commands to generate.