emo/busybox
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

examples/var_service/fw/run: allow extif's to be more than one iface

Browse Source 
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
This commit is contained in:
Denys Vlasenko 2021-09-02 23:53:48 +02:00
parent 4a36ef11ac
commit d7e39f26d7
1 changed files with 12 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
examples/var_service/fw/run
View File

@ -179,7 +179,9 @@ ipt="iptables -t nat -A OUTPUT"
# OUTGOING TRAFFIC # OUTGOING TRAFFIC
ipt="iptables -t nat -A POSTROUTING" ipt="iptables -t nat -A POSTROUTING"
# Masquerade boxes on my private net # Masquerade boxes on my private net
doit $ipt -s 192.168.0.0/24 -o $extif -j MASQUERADE for e in $extif; do
doit $ipt -s 192.168.0.0/24 -o $e -j MASQUERADE
done
# *** mangle *** # *** mangle ***
### DEBUG ### DEBUG
@ -204,7 +206,9 @@ fi
doit $ipt -p tcp -j REJECT # Anything else isn't ok. REJECT = irc opens faster doit $ipt -p tcp -j REJECT # Anything else isn't ok. REJECT = irc opens faster
# (it probes proxy ports, DROP will incur timeout delays) # (it probes proxy ports, DROP will incur timeout delays)
ipt="iptables -t filter -A INPUT" ipt="iptables -t filter -A INPUT"
doit $ipt -i $extif -j iext for e in $extif; do
doit $ipt -i $e -j iext
done
echo; echo "* Enabling forwarding" echo; echo "* Enabling forwarding"
@ -222,12 +226,12 @@ echo; echo "* Routing:"
ip r l ip r l
echo; echo "* Firewall:" echo; echo "* Firewall:"
{ {
echo '---FILTER--'; echo '---FILTER--'
iptables -v -L -x -n; iptables -v -L -x -n
echo '---NAT-----'; echo '---NAT-----'
iptables -t nat -v -L -x -n; iptables -t nat -v -L -x -n
echo '---MANGLE--'; echo '---MANGLE--'
iptables -t mangle -v -L -x -n; iptables -t mangle -v -L -x -n
} \ } \
| grep -v '^$' | grep -Fv 'bytes target' | grep -v '^$' | grep -Fv 'bytes target'
echo echo