- # dnsmasq.conf
- domain-needed
- bogus-priv
- domain=home.lan
- no-resolv
- server=1.1.1.1
- server=1.0.0.1
- dhcp-range=eth1,172.17.7.50,172.17.7.99,12h
- dhcp-range=wlan0,10.0.0.50,10.0.0.99,12h
- dhcp-leasefile=/home/USERNAME/dnsmasq.leases
- # hostapd.conf
- ###Configuration for 2.4GHz###
- # Interface used by AP
- interface=wlan0
- # Enable 2.4GHz band
- hw_mode=g
- # Channel to use
- channel=6
- # Limit the frequencies used to those allowed in the country
- ieee80211d=1
- # Country code
- country_code=FI
- # 802.11n support
- ieee80211n=1
- # QoS support, also required for full speed on 802.11n/ac/ax
- wmm_enabled=1
- # SSID to broadcast
- ssid=NAME
- # auth_algs bit field: 1=open system authentication (used with WPA/WPA2), 2=shared key authentication (WEP), 3=both
- auth_algs=1
- # WPA2 only
- wpa=2
- wpa_key_mgmt=WPA-PSK
- rsn_pairwise=CCMP
- wpa_passphrase=PASSWORD
- ###Configuration for 5GHz###
- # Interface used by AP
- #interface=wlan0
- #
- # Enable 5GHz band
- #hw_mode=a
- #
- # Channel to use
- #channel=44
- #
- # Limit the frequencies used to those allowed in the country
- #ieee80211d=1
- #
- # Country code
- #country_code=FI
- #
- # 802.11ac support
- #ieee80211ac=1
- #
- # QoS support, also required for full speed on 802.11n/ac/ax
- #wmm_enabled=1
- #
- # SSID to broadcast
- #ssid=NAME
- #
- # auth_algs bit field: 1=open system authentication (used with WPA/WPA2), 2=shared key authentication (WEP), 3=both
- #auth_algs=1
- #
- # WPA2 only
- #wpa=2
- #wpa_key_mgmt=WPA-PSK
- #rsn_pairwise=CCMP
- #wpa_passphrase=PASSWORD
- # iptables rule script
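#!/bin/bash
# IPv4 firewall and NAT rules for a small router:
#   eth0  = WAN uplink
#   eth1  = wired LAN (172.17.7.0/24)
#   wlan0 = wireless LAN (the hostapd interface)
#
# NOTE: only IPv4 is covered. Nothing here touches ip6tables, so IPv6 traffic
# is handled by whatever ip6tables rules and policies already exist.
# NOTE: the FORWARD rules only take effect when net.ipv4.ip_forward=1; this
# script does not set it.

readonly WAN_IF=eth0
readonly LAN_IF=eth1
readonly WLAN_IF=wlan0
readonly LAN_NET=172.17.7.0/24
# Placeholder: replace with the one public address allowed to reach SSH.
readonly SSH_ADMIN_SRC=PUBLIC-IP-HERE

# Flush existing filter rules and set the default policies
iptables -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

# Loopback must be accepted explicitly: with INPUT policy DROP, local
# processes talking to local services (e.g. the resolver on 127.0.0.1)
# would otherwise be dropped as NEW connections.
iptables -A INPUT -i lo -j ACCEPT

# Allow established and related connections
# (-m conntrack --ctstate is the current form of the older -m state match)
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

for lan_if in "$LAN_IF" "$WLAN_IF"; do
  # DHCP requests to the server arrive on UDP 67 only
  iptables -A INPUT -i "$lan_if" -p udp --dport 67 -j ACCEPT

  # DNS: UDP plus TCP, which clients fall back to for truncated answers
  iptables -A INPUT -i "$lan_if" -p udp --dport 53 -j ACCEPT
  iptables -A INPUT -i "$lan_if" -p tcp --dport 53 -j ACCEPT

  # Allow traffic from LAN to WAN, and only reply traffic from WAN to LAN.
  # There is no eth1 <-> wlan0 rule, so the two LAN segments stay separated.
  iptables -A FORWARD -i "$lan_if" -o "$WAN_IF" -j ACCEPT
  iptables -A FORWARD -i "$WAN_IF" -o "$lan_if" \
    -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
done

# Allow ICMP (ping) from the wired LAN only
iptables -A INPUT -i "$LAN_IF" -p icmp --icmp-type echo-request -s "$LAN_NET" -j ACCEPT

# Allow SSH from the wired LAN only
iptables -A INPUT -i "$LAN_IF" -p tcp --dport 22 -s "$LAN_NET" -j ACCEPT

# Allow SSH from the selected public address (any interface)
iptables -A INPUT -p tcp --dport 22 -s "$SSH_ADMIN_SRC" -j ACCEPT

# Masquerade traffic from LAN to WAN.
# "iptables -F" above only flushes the filter table, so the nat rule survives
# a re-run; check for it first instead of appending a duplicate each time.
# stderr of -C is silenced on purpose: "rule not found" is the expected case.
if ! iptables -t nat -C POSTROUTING -o "$WAN_IF" -j MASQUERADE --random 2>/dev/null; then
  iptables -t nat -A POSTROUTING -o "$WAN_IF" -j MASQUERADE --random
fi

# Save the rules to the persistent configuration; report failure instead of
# exiting 0 with nothing saved (e.g. /etc/iptables missing).
if ! iptables-save > /etc/iptables/rules.v4; then
  printf 'error: could not write /etc/iptables/rules.v4; rules are active but not persistent\n' >&2
  exit 1
fi

exit 0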