```sh
## wan: vlan1
## lan: br0
## wifi: eth1
## numbered -R/-I positions below depend on the firmware's default chains;
## check them first with: iptables -L FORWARD -n --line-numbers
## an -I without a rule number inserts at position 1 (top of the chain)

## permit incoming connections from WLAN
## note: the unnumbered "-I INPUT ... -j DROP" further down lands above this
## rule, so NEW packets from eth1 are dropped before they reach it
iptables -I INPUT 2 -i eth1 -m state --state NEW -j logaccept

## fixup forwarding table
## the lan2wan target didn't work for me, replace it with straight accept
iptables -R FORWARD 5 -i br0 -o vlan1 -j ACCEPT

## permit WLAN -> WAN
iptables -I FORWARD 7 -i eth1 -o vlan1 -j ACCEPT

## disallow WLAN -> LAN
iptables -I FORWARD 7 -i eth1 -o br0 -m state --state NEW -j DROP

## disallow LAN -> WLAN
iptables -I FORWARD -i br0 -o eth1 -m state --state NEW -j DROP

## disallow WLAN -> WAN subnet
iptables -I FORWARD -i eth1 -d `nvram get wan_ipaddr`/`nvram get wan_netmask` -m state --state NEW -j DROP

## disallow WLAN -> direct router access
iptables -I INPUT -i eth1 -m state --state NEW -j DROP

## Allow WLAN -> DHCP on the router
iptables -I INPUT -i eth1 -p udp --dport 67 -j ACCEPT

## Allow WLAN -> DNS on the router
iptables -I INPUT -i eth1 -p udp --dport 53 -j ACCEPT
iptables -I INPUT -i eth1 -p tcp --dport 53 -j ACCEPT
```