
Untitled

a guest
Nov 20th, 2023
  1. # dnsmasq.conf
  2. domain-needed
  3. bogus-priv
  4. domain=home.lan
  5. no-resolv
  6. server=1.1.1.1
  7. server=1.0.0.1
  8. dhcp-range=eth1,172.17.7.50,172.17.7.99,12h
  9. dhcp-range=wlan0,10.0.0.50,10.0.0.99,12h
  10. dhcp-leasefile=/home/USERNAME/dnsmasq.leases
  11.  
# hostapd.conf
# Access point definition for wlan0. The 2.4GHz block is active; the 5GHz
# block further down is fully commented out and mirrors it setting by setting.
# NOTE(review): this file carries the pre-shared key in clear text, so it
# should be readable by root only.
###Configuration for 2.4GHz###

# Interface used by AP
interface=wlan0

# Enable 2.4GHz band
hw_mode=g

# Channel to use
channel=6

# Limit the frequencies used to those allowed in the country
ieee80211d=1

# Country code
country_code=FI

# 802.11n support
ieee80211n=1

# QoS support, also required for full speed on 802.11n/ac/ax
wmm_enabled=1

# SSID to broadcast (NAME is a placeholder)
ssid=NAME

# Authentication algorithm bitmask: 1 = Open System (the mode used with
# WPA/WPA2), 2 = Shared Key (WEP only), 3 = both. Keep this at 1 so that
# WEP shared-key authentication is never offered.
auth_algs=1

# WPA2 only (wpa=2), pre-shared key, AES-CCMP as the only pairwise cipher;
# TKIP is not offered.
# NOTE(review): management frame protection is not configured (there is no
# ieee80211w line); consider enabling it once client compatibility is confirmed.
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
# PASSWORD is a placeholder. hostapd accepts 8 to 63 characters here; with
# WPA2-PSK the passphrase length and randomness are the only defence against
# offline guessing of a captured handshake.
wpa_passphrase=PASSWORD

###Configuration for 5GHz###

# Interface used by AP
#interface=wlan0
#
# Enable 5GHz band
#hw_mode=a
#
# Channel to use
#channel=44
#
# Limit the frequencies used to those allowed in the country
#ieee80211d=1
#
# Country code
#country_code=FI
#
# 802.11ac support
#ieee80211ac=1
#
# QoS support, also required for full speed on 802.11n/ac/ax
#wmm_enabled=1
#
# SSID to broadcast
#ssid=NAME
#
# Authentication algorithm bitmask: 1 = Open System, 2 = Shared Key (WEP), 3 = both
#auth_algs=1
#
# WPA2 only
#wpa=2
#wpa_key_mgmt=WPA-PSK
#rsn_pairwise=CCMP
#wpa_passphrase=PASSWORD
  82.  
# iptables rule script
  84. #!/bin/bash
  85.  
  86. # Flush existing rules and set the default policies
  87. iptables -F
  88. iptables -P INPUT DROP
  89. iptables -P FORWARD DROP
  90. iptables -P OUTPUT ACCEPT
  91.  
  92. # Allow established and related connections
  93. iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  94.  
  95. # Allow DHCP traffic for the LAN interface
  96. iptables -A INPUT -i eth1 -p udp --dport 67:68 -j ACCEPT
  97. iptables -A INPUT -i wlan0 -p udp --dport 67:68 -j ACCEPT
  98.  
  99. # Allow DNS traffic for the LAN interface
  100. iptables -A INPUT -i eth1 -p udp --dport 53 -j ACCEPT
  101. iptables -A INPUT -i wlan0 -p udp --dport 53 -j ACCEPT
  102.  
  103. # Allow traffic from LAN to WAN
  104. iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
  105. iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT
  106.  
  107. # Allow traffic from WAN to LAN for established connections
  108. iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
  109. iptables -A FORWARD -i eth0 -o wlan0 -m state --state ESTABLISHED,RELATED -j ACCEPT
  110.  
  111. # Allow ICMP (ping) from the local network
  112. iptables -A INPUT -i eth1 -p icmp --icmp-type echo-request -s 172.17.7.0/24 -j ACCEPT
  113.  
  114. # Allow SSH from the local network
  115. iptables -A INPUT -i eth1 -p tcp --dport 22 -s 172.17.7.0/24 -j ACCEPT
  116.  
  117. # Allow SSH from selected public network
  118. iptables -A INPUT -p tcp --dport 22 -s PUBLIC-IP-HERE -j ACCEPT
  119.  
  120. # Masquerade traffic from LAN to WAN
  121. iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE --random
  122.  
  123. # Save the rules to the persistent configuration
  124. iptables-save > /etc/iptables/rules.v4
  125.  
  126. exit 0