diff options
author | Guillaume Cottenceau <gc@mandriva.com> | 2001-04-12 13:50:24 +0000 |
---|---|---|
committer | Guillaume Cottenceau <gc@mandriva.com> | 2001-04-12 13:50:24 +0000 |
commit | c3b7992b4d1e9dbe528bd9e757b02873ee3ed339 (patch) | |
tree | 296458b6c2eac106712935441cf13f15c9266a80 | |
parent | 1feaa0f7aed3f0823e5a69c626737b03b645b7cc (diff) | |
download | drakx-backup-do-not-use-c3b7992b4d1e9dbe528bd9e757b02873ee3ed339.tar drakx-backup-do-not-use-c3b7992b4d1e9dbe528bd9e757b02873ee3ed339.tar.gz drakx-backup-do-not-use-c3b7992b4d1e9dbe528bd9e757b02873ee3ed339.tar.bz2 drakx-backup-do-not-use-c3b7992b4d1e9dbe528bd9e757b02873ee3ed339.tar.xz drakx-backup-do-not-use-c3b7992b4d1e9dbe528bd9e757b02873ee3ed339.zip |
add some rule so later on tinyfirewall will not prevent everything from working
-rwxr-xr-x | perl-install/standalone/drakgw | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/perl-install/standalone/drakgw b/perl-install/standalone/drakgw index 65bcbf301..5a69ae0c4 100755 --- a/perl-install/standalone/drakgw +++ b/perl-install/standalone/drakgw @@ -441,6 +441,8 @@ echo 1 > /proc/sys/net/ipv4/ip_forward # /sbin/ipchains -P forward DENY /sbin/ipchains -A forward -s $lan_address.0/24 -j MASQ + +# Let incoming packets arrive to our interface, in case there are some firewall rules to come /sbin/ipchains -A input -i $device -j ACCEPT )); chmod 0700, $rc_firewall_22; @@ -456,6 +458,19 @@ echo 1 > /proc/sys/net/ipv4/ip_forward # In the NAT table (-t nat), Append a rule (-A) after routing (POSTROUTING) # which says to MASQUERADE the connection (-j MASQUERADE). iptables -t nat -A POSTROUTING -s $lan_address.0/24 -j MASQUERADE + +# Allows forwarding specifically to our LAN +iptables -A FORWARD -s $lan_address.0/24 -j ACCEPT + +# Allow dhcp requests +iptables -A INPUT -i $device -p udp --sport bootpc --dport bootps -j ACCEPT +iptables -A INPUT -i $device -p tcp --sport bootpc --dport bootps -j ACCEPT +iptables -A INPUT -i $device -p udp --sport bootps --dport bootpc -j ACCEPT +iptables -A INPUT -i $device -p tcp --sport bootps --dport bootpc -j ACCEPT + +# Allow dns requests +iptables -A INPUT -i $device -p udp --dport domain -j ACCEPT +iptables -A INPUT -i $device -p tcp --dport domain -j ACCEPT )); chmod 0700, $rc_firewall_24; @@ -641,6 +656,9 @@ Click on Configure to launch the setup wizard.", $setup_state)); #------------------------------------------------- #- $Log$ +#- Revision 1.42 2001/04/12 13:50:24 gc +#- add some rule so later on tinyfirewall will not prevent everything from working +#- #- Revision 1.41 2001/04/11 15:28:36 gc #- kosmetik #- |