
Untitled

a guest
Mar 3rd, 2015
  1. #!/bin/sh
  2.  
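  # Firewall setup for a chilli tunnel interface. DEV is used before anything
  # in this file assigns it, so it is expected to be provided by the caller's
  # environment, like the HS_*, UAM*, DHCP*, KNAME, LAYER3 and ADDR values
  # read further down.

  # Name of the tun/tap device with any leading directory part removed.
  TUNTAP=$(basename "$DEV")

  # ipt() mirrors every rule it adds into this file as an "iptables -D" line.
  # NOTE(review): the file is executed with sh below, with this script's
  # privileges. It should only ever be writable by the account that runs this
  # hook, and the values that end up in it (interface names, ports, addresses)
  # are written unescaped -- confirm they can never carry shell metacharacters.
  UNDO_FILE=/var/run/chilli.$TUNTAP.sh

  . /etc/chilli/functions

  # Remove rules left behind by a previous run, then start a fresh undo file.
  # Errors are discarded on purpose: stale -D lines are expected to fail when
  # the rules are already gone.
  [ -e "$UNDO_FILE" ] && sh "$UNDO_FILE" 2>/dev/null
  rm -f "$UNDO_FILE" 2>/dev/null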
  10.  
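  # Add one iptables rule and record the command that deletes it again.
  # Globals:   UNDO_FILE (read) - script that receives the matching -D line
  #            opt (written)    - not function-local; plain sh has no "local"
  # Arguments: $1  - iptables action for the live rule (-I or -A at call sites)
  #            $2+ - chain, optional "-t table", match and target arguments
  # Returns:   exit status of iptables
  ipt() {
    opt=$1; shift
    # The undo line is written before the rule is applied, so a rule that
    # iptables rejects still leaves a -D line behind; that line simply fails
    # when the undo file is replayed.
    # NOTE(review): arguments are written unescaped and the undo file is later
    # run by sh. Anything other than plain words here would be interpreted by
    # that shell -- keep rule arguments to interface names, ports, addresses.
    printf 'iptables -D %s\n' "$*" >> "$UNDO_FILE"
    # Word splitting is deliberate: callers hand over rule fragments built
    # from unquoted variables, and empty values are meant to disappear.
    # shellcheck disable=SC2086,SC2048
    iptables $opt $*
  }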
  16.  
  # Insert a rule at the head of the INPUT chain, limited to packets that
  # arrive on the tunnel interface.
  # Globals:   TUNTAP (read)
  # Arguments: the remaining iptables match and target arguments
  # Returns:   exit status of ipt
  ipt_in() {
    # Assemble the complete argument list first. TUNTAP and the caller's
    # arguments are still split on whitespace, exactly as when they were
    # expanded directly on the ipt command line.
    # shellcheck disable=SC2086,SC2048
    set -- -I INPUT -i $TUNTAP $*
    ipt "$@"
  }
  20.  
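  # Install the firewall rules for the tunnel. Nothing is installed when no
  # interface name could be derived from DEV.
  #
  # Reading aid: "ipt -I" inserts at the head of a chain, so of two inserted
  # rules the one added LATER is evaluated FIRST. "ipt -A" appends at the end.
  # Variables are left unquoted on the ipt lines on purpose: ipt re-splits its
  # arguments anyway, so quoting here would not change what iptables receives.
  # NOTE(review): an empty ADDR, DHCPIF or KNAME therefore vanishes from the
  # command line and iptables is handed a malformed rule; the script carries
  # on without that rule. Confirm the caller always sets these.
  if [ -n "$TUNTAP" ]; then
    # ifconfig $TUNTAP mtu $MTU
    if [ "$KNAME" != "" ]; then
      # KNAME set: forwarding on DHCPIF is decided by the iptables "coova"
      # match of that name.
      # NOTE(review): --dest is followed directly by -j, so it is presumably
      # a flag of the coova match that takes no value -- confirm.
      ipt -I FORWARD -i $DHCPIF -m coova --name $KNAME -j ACCEPT
      ipt -I FORWARD -o $DHCPIF -m coova --name $KNAME --dest -j ACCEPT
      ipt -I FORWARD -i $TUNTAP -j ACCEPT
      ipt -I FORWARD -o $TUNTAP -j ACCEPT
      if [ -n "$DHCPLISTEN" ]; then
        # Left unquoted: DHCPLISTEN may hold more than one ifconfig word.
        ifconfig $DHCPIF $DHCPLISTEN
      fi
    else
      if [ "$LAYER3" != "1" ]; then
        # Services on ADDR that tunnel clients may reach. Two separate tests
        # replace the obsolescent "[ ... -a ... ]" form, which is ambiguous
        # when a value looks like a test operator.
        if [ -n "$UAMPORT" ] && [ "$UAMPORT" != "0" ]; then
          ipt_in -p tcp -m tcp --dport $UAMPORT --dst $ADDR -j ACCEPT
        fi

        if [ -n "$UAMUIPORT" ] && [ "$UAMUIPORT" != "0" ]; then
          ipt_in -p tcp -m tcp --dport $UAMUIPORT --dst $ADDR -j ACCEPT
        fi

        # Extra TCP ports, given as a whitespace-separated list.
        if [ -n "$HS_TCP_PORTS" ]; then
          for port in $HS_TCP_PORTS; do
            ipt_in -p tcp -m tcp --dport $port --dst $ADDR -j ACCEPT
          done
        fi

        # DHCP (broadcast and unicast), DNS over UDP and ICMP to ADDR.
        ipt_in -p udp -d 255.255.255.255 --destination-port 67:68 -j ACCEPT
        ipt_in -p udp -d $ADDR --destination-port 67:68 -j ACCEPT
        ipt_in -p udp --dst $ADDR --dport 53 -j ACCEPT
        ipt_in -p icmp --dst $ADDR -j ACCEPT

        # Appended, not inserted: it only catches tunnel traffic to ADDR that
        # no earlier INPUT rule (including rules that were already in the
        # chain before this script ran) has decided on.
        ipt -A INPUT -i $TUNTAP --dst $ADDR -j DROP

        # Inserted at the head: everything arriving directly on DHCPIF for
        # this host is dropped.
        ipt -I INPUT -i $DHCPIF -j DROP
      fi

      # No forwarding through the raw DHCP interface in either direction.
      ipt -I FORWARD -i $DHCPIF -j DROP
      ipt -I FORWARD -o $DHCPIF -j DROP

      # Traffic through the tunnel is forwarded; being inserted later, these
      # two rules sit above the DHCPIF drops.
      ipt -I FORWARD -i $TUNTAP -j ACCEPT
      ipt -I FORWARD -o $TUNTAP -j ACCEPT

      # Help out conntrack to not get confused
      # (stops masquerading from working)
      #ipt -I PREROUTING -t raw -j NOTRACK -i $DHCPIF

      # Help out MTU issues with PPPoE or Mesh
      ipt -I FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
      ipt -I FORWARD -t mangle -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

      # Unless LAN access is switched on, tunnel clients may only leave via
      # the WAN interface. This drop is inserted last, so it is evaluated
      # before the tunnel ACCEPT rules above.
      if [ "$HS_LAN_ACCESS" != "on" ] && [ "$HS_LAN_ACCESS" != "allow" ]; then
        if [ -n "$HS_WANIF" ]; then
          ipt -I FORWARD -i $TUNTAP \! -o $HS_WANIF -j DROP
        else
          # With an empty HS_WANIF the rule would be malformed and iptables
          # would not install it, leaving the LAN reachable. Say so instead of
          # failing quietly.
          printf '%s: HS_WANIF is empty, LAN isolation rule for %s not installed\n' \
            "$0" "$TUNTAP" >&2
        fi
      fi

      # Send client DNS queries (UDP only) to the resolver on ADDR.
      if [ "$HS_LOCAL_DNS" = "on" ]; then
        ipt -I PREROUTING -t nat -i $TUNTAP -p udp --dport 53 -j DNAT --to-destination $ADDR
      fi
    fi
  fi

  # site specific stuff optional
  # The file is sourced into this shell and therefore runs with the same
  # privileges and can see ipt/ipt_in. It should be writable only by the
  # account that owns this script. The "&&" form is kept so the exit status of
  # the script stays what it was.
  [ -e /etc/chilli/ipup.sh ] && . /etc/chilli/ipup.sh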