authorManuel Munz <freifunk@somakoma.de>2011-05-08 21:24:24 +0000
committerManuel Munz <freifunk@somakoma.de>2011-05-08 21:24:24 +0000
commitcb5319f3120a7fea4b5e2ff46723ff57ffbdc4b2 (patch)
tree66871933160f74f43d00f47b94e1973ef89d28e3 /contrib/package/freifunk-firewall/files/etc
parent360673a6eb42f21df82cad5b57f07a493181c536 (diff)
freifunk-firewall: Fix local_restrict lan protection, it didn't work on rc4 nor on backfire branch
Diffstat (limited to 'contrib/package/freifunk-firewall/files/etc')
-rw-r--r--contrib/package/freifunk-firewall/files/etc/hotplug.d/firewall/23-restricted-wan8
1 files changed, 2 insertions, 6 deletions
diff --git a/contrib/package/freifunk-firewall/files/etc/hotplug.d/firewall/23-restricted-wan b/contrib/package/freifunk-firewall/files/etc/hotplug.d/firewall/23-restricted-wan
index ed40ff48d6..d6f94ea901 100644
--- a/contrib/package/freifunk-firewall/files/etc/hotplug.d/firewall/23-restricted-wan
+++ b/contrib/package/freifunk-firewall/files/etc/hotplug.d/firewall/23-restricted-wan
@@ -18,9 +18,7 @@ clear_restricted_gw()
config_get gateway "$state" gateway
logger -t firewall.freifunk "removing local restriction to $iface($gateway)"
- iptables -D "zone_${INTERFACE}_ACCEPT" ! -i $ifname -o $ifname -d $ipaddr/$netmask -j REJECT
- iptables -D "zone_${INTERFACE}_ACCEPT" ! -i $ifname -o $ifname -d $gateway -j ACCEPT
-
+ iptables -D forwarding_rule ! -i $ifname -o $ifname -d $ipaddr/$netmask -j REJECT --reject-with icmp-host-prohibited
uci_revert_state firewall "$state"
fi
}
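Review bot: The status of the new `iptables -D forwarding_rule …` call is ignored and its `$ifname`, `$ipaddr` and `$netmask` expansions are unquoted, so if a value read back from state is empty or no longer matches the inserted rule, the delete fails, `uci_revert_state` still runs, and a stale REJECT stays in `forwarding_rule` with nothing recording it. The `iptables -I forwarding_rule …` line in the second hunk has the same gap in the other direction: the `uci_set_state` lines follow it unconditionally, so a failed insert leaves the LAN reachable while the log and state say it is restricted. I would quote the expansions and act on the result, for example `iptables -I forwarding_rule ! -i "$DEVICE" -o "$DEVICE" -d "$ipaddr/$netmask" -j REJECT --reject-with icmp-host-prohibited || logger -t firewall.freifunk "failed to restrict local access to $DEVICE"`, and skip the state update when the insert fails. The rule is IPv4-only; whether forwarded IPv6 traffic towards the LAN needs the same restriction cannot be told from these hunks. Both enclosing blocks (`clear_restricted_gw` and the `ACTION = add` branch) start outside the hunks shown.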
@@ -56,9 +54,7 @@ if [ "$ACTION" = add ]; then
if [ "$local_restrict" = 1 ]; then
logger -t firewall.freifunk "restricting local access to $DEVICE($gateway)"
- iptables -I "zone_${INTERFACE}_ACCEPT" ! -i $DEVICE -o $DEVICE -d $ipaddr/$netmask -j REJECT
- iptables -I "zone_${INTERFACE}_ACCEPT" ! -i $DEVICE -o $DEVICE -d $gateway -j ACCEPT
-
+ iptables -I forwarding_rule ! -i $DEVICE -o $DEVICE -d $ipaddr/$netmask -j REJECT --reject-with icmp-host-prohibited
local state="restricted_gw_${INTERFACE}"
uci_set_state firewall "$state" "" restricted_gw_state
uci_set_state firewall "$state" iface "$INTERFACE"