authorGuillaume Cottenceau <gc@mandriva.com>2001-04-12 13:50:24 +0000
committerGuillaume Cottenceau <gc@mandriva.com>2001-04-12 13:50:24 +0000
commitc3b7992b4d1e9dbe528bd9e757b02873ee3ed339 (patch)
tree296458b6c2eac106712935441cf13f15c9266a80
parent1feaa0f7aed3f0823e5a69c626737b03b645b7cc (diff)
add some rule so later on tinyfirewall will not prevent everything from working
-rwxr-xr-xperl-install/standalone/drakgw18
1 files changed, 18 insertions, 0 deletions
diff --git a/perl-install/standalone/drakgw b/perl-install/standalone/drakgw
index 65bcbf301..5a69ae0c4 100755
--- a/perl-install/standalone/drakgw
+++ b/perl-install/standalone/drakgw
@@ -441,6 +441,8 @@ echo 1 > /proc/sys/net/ipv4/ip_forward
#
/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -s $lan_address.0/24 -j MASQ
+
+# Let incoming packets arrive to our interface, in case there are some firewall rules to come
/sbin/ipchains -A input -i $device -j ACCEPT
));
chmod 0700, $rc_firewall_22;
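Review bot: The comment added above `/sbin/ipchains -A input -i $device -j ACCEPT` does not say that this rule accepts every protocol and port arriving on `$device`, while the iptables variant extended later in this commit opens only DHCP and DNS on INPUT. If the broad accept is intended for the ipchains script, the comment should state it, for example `# Accept all traffic arriving on $device so that firewall rules added later cannot cut off the gateway's clients`; otherwise the two generated scripts should be brought into line. The string that generates this script starts outside the hunk.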
@@ -456,6 +458,19 @@ echo 1 > /proc/sys/net/ipv4/ip_forward
# In the NAT table (-t nat), Append a rule (-A) after routing (POSTROUTING)
# which says to MASQUERADE the connection (-j MASQUERADE).
iptables -t nat -A POSTROUTING -s $lan_address.0/24 -j MASQUERADE
+
+# Allows forwarding specifically to our LAN
+iptables -A FORWARD -s $lan_address.0/24 -j ACCEPT
+
+# Allow dhcp requests
+iptables -A INPUT -i $device -p udp --sport bootpc --dport bootps -j ACCEPT
+iptables -A INPUT -i $device -p tcp --sport bootpc --dport bootps -j ACCEPT
+iptables -A INPUT -i $device -p udp --sport bootps --dport bootpc -j ACCEPT
+iptables -A INPUT -i $device -p tcp --sport bootps --dport bootpc -j ACCEPT
+
+# Allow dns requests
+iptables -A INPUT -i $device -p udp --dport domain -j ACCEPT
+iptables -A INPUT -i $device -p tcp --dport domain -j ACCEPT
));
chmod 0700, $rc_firewall_24;
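Review bot: The new rule `iptables -A FORWARD -s $lan_address.0/24 -j ACCEPT` matches on source address alone, so a packet that merely claims a LAN source address is accepted for forwarding whichever interface it arrives on; binding it to the interface, `iptables -A FORWARD -i $device -s $lan_address.0/24 -j ACCEPT`, would close that, assuming `$device` is the LAN-side interface as the DHCP rules suggest. Its comment says "to our LAN", but `-s` selects traffic coming from the LAN, and nothing visible here accepts the reply direction, which would matter if a later firewall sets the FORWARD policy to DROP. The two `-p tcp` bootpc/bootps rules can be dropped, since DHCP runs over UDP only. The string that generates this script begins outside the hunk.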
@@ -641,6 +656,9 @@ Click on Configure to launch the setup wizard.", $setup_state));
#-------------------------------------------------
#- $Log$
+#- Revision 1.42 2001/04/12 13:50:24 gc
+#- add some rule so later on tinyfirewall will not prevent everything from working
+#-
#- Revision 1.41 2001/04/11 15:28:36 gc
#- kosmetik
#-