diff --git a/create_ap b/create_ap index b0cc12b..dcc63f5 100755 --- a/create_ap +++ b/create_ap @@ -8,10 +8,7 @@ # iw # haveged (optional) -# dependencies for 'none' Internet sharing method -# dnsmasq - -# dependencies for 'nat' Internet sharing method +# dependencies for 'nat' or 'none' Internet sharing method # dnsmasq # iptables @@ -122,9 +119,6 @@ cleanup() { iptables -t nat -D POSTROUTING -o ${INTERNET_IFACE} -j MASQUERADE iptables -D FORWARD -i ${VWIFI_IFACE} -s ${GATEWAY%.*}.0/24 -j ACCEPT iptables -D FORWARD -i ${INTERNET_IFACE} -d ${GATEWAY%.*}.0/24 -j ACCEPT - iptables -D INPUT -p tcp -m tcp --dport 53 -j ACCEPT - iptables -D INPUT -p udp -m udp --dport 53 -j ACCEPT - iptables -D INPUT -p udp -m udp --dport 67 -j ACCEPT echo $OLD_IP_FORWARD > /proc/sys/net/ipv4/ip_forward elif [[ "$SHARE_METHOD" == "bridge" ]]; then ip link set down $BRIDGE_IFACE @@ -132,6 +126,12 @@ cleanup() { fi fi + if [[ "$SHARE_METHOD" != "bridge" ]]; then + iptables -D INPUT -p tcp -m tcp --dport 53 -j ACCEPT + iptables -D INPUT -p udp -m udp --dport 53 -j ACCEPT + iptables -D INPUT -p udp -m udp --dport 67 -j ACCEPT + fi + ip link set down dev ${VWIFI_IFACE} ip addr flush ${VWIFI_IFACE} networkmanager_rm_unmanaged ${VWIFI_IFACE} @@ -346,9 +346,6 @@ if [[ "$SHARE_METHOD" != "none" ]]; then iptables -t nat -I POSTROUTING -o ${INTERNET_IFACE} -j MASQUERADE || die iptables -I FORWARD -i ${VWIFI_IFACE} -s ${GATEWAY%.*}.0/24 -j ACCEPT || die iptables -I FORWARD -i ${INTERNET_IFACE} -d ${GATEWAY%.*}.0/24 -j ACCEPT || die - iptables -I INPUT -p tcp -m tcp --dport 53 -j ACCEPT || die - iptables -I INPUT -p udp -m udp --dport 53 -j ACCEPT || die - iptables -I INPUT -p udp -m udp --dport 67 -j ACCEPT || die echo 1 > /proc/sys/net/ipv4/ip_forward || die elif [[ "$SHARE_METHOD" == "bridge" ]]; then brctl addbr ${BRIDGE_IFACE} || die 
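Review bot: In the hunk at `@@ -132,6 +126,12 @@`, the new cleanup block deletes the three INPUT rules whenever `$SHARE_METHOD` is not `bridge`, which is also true when the variable is still empty or when startup stopped before the matching `-I` calls ran. `iptables -D` with a rule specification removes the first rule that matches, so in that case an identical ACCEPT rule the administrator already had for port 53 or 67 would be removed instead. Consider recording that the rules were added (a flag set right after the three `-I` lines succeed) and guarding on it, e.g. `if [[ "$SHARE_METHOD" != "bridge" && -n "$INPUT_RULES_ADDED" ]]; then`, where `INPUT_RULES_ADDED` is a name proposed here, not one in the file. cleanup() begins before this hunk and continues after it, so how it is reached on failure is not visible here.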
@@ -368,6 +365,9 @@ fi # start dns + dhcp server if [[ "$SHARE_METHOD" != "bridge" ]]; then + iptables -I INPUT -p tcp -m tcp --dport 53 -j ACCEPT || die + iptables -I INPUT -p udp -m udp --dport 53 -j ACCEPT || die + iptables -I INPUT -p udp -m udp --dport 67 -j ACCEPT || die dnsmasq -C $CONFDIR/dnsmasq.conf -x $CONFDIR/dnsmasq.pid || die fi
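Review bot: The three added `iptables -I INPUT` rules carry no `-i` match, so ports 53 and 67 are accepted on every interface, including the upstream one for the `nat` method; whether dnsmasq.conf restricts dnsmasq to the access-point interface is not visible in this diff. Scoping the rules to the interface that serves clients leaves the host's INPUT policy unchanged everywhere else, e.g. `iptables -I INPUT -i ${VWIFI_IFACE} -p udp -m udp --dport 67 -j ACCEPT || die` and the same `-i ${VWIFI_IFACE}` on the two port-53 rules. The `-D` lines added to cleanup() in the `@@ -132,6 +126,12 @@` hunk would need the identical match, otherwise they will not remove these rules.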