Make no Internet sharing mode to work with UFW
This commit is contained in:
parent
3d5849e6a4
commit
4d7a9c372b
20
create_ap
20
create_ap
@ -8,10 +8,7 @@
|
|||||||
# iw
|
# iw
|
||||||
# haveged (optional)
|
# haveged (optional)
|
||||||
|
|
||||||
# dependencies for 'none' Internet sharing method
|
# dependencies for 'nat' or 'none' Internet sharing method
|
||||||
# dnsmasq
|
|
||||||
|
|
||||||
# dependencies for 'nat' Internet sharing method
|
|
||||||
# dnsmasq
|
# dnsmasq
|
||||||
# iptables
|
# iptables
|
||||||
|
|
||||||
@ -122,9 +119,6 @@ cleanup() {
|
|||||||
iptables -t nat -D POSTROUTING -o ${INTERNET_IFACE} -j MASQUERADE
|
iptables -t nat -D POSTROUTING -o ${INTERNET_IFACE} -j MASQUERADE
|
||||||
iptables -D FORWARD -i ${VWIFI_IFACE} -s ${GATEWAY%.*}.0/24 -j ACCEPT
|
iptables -D FORWARD -i ${VWIFI_IFACE} -s ${GATEWAY%.*}.0/24 -j ACCEPT
|
||||||
iptables -D FORWARD -i ${INTERNET_IFACE} -d ${GATEWAY%.*}.0/24 -j ACCEPT
|
iptables -D FORWARD -i ${INTERNET_IFACE} -d ${GATEWAY%.*}.0/24 -j ACCEPT
|
||||||
iptables -D INPUT -p tcp -m tcp --dport 53 -j ACCEPT
|
|
||||||
iptables -D INPUT -p udp -m udp --dport 53 -j ACCEPT
|
|
||||||
iptables -D INPUT -p udp -m udp --dport 67 -j ACCEPT
|
|
||||||
echo $OLD_IP_FORWARD > /proc/sys/net/ipv4/ip_forward
|
echo $OLD_IP_FORWARD > /proc/sys/net/ipv4/ip_forward
|
||||||
elif [[ "$SHARE_METHOD" == "bridge" ]]; then
|
elif [[ "$SHARE_METHOD" == "bridge" ]]; then
|
||||||
ip link set down $BRIDGE_IFACE
|
ip link set down $BRIDGE_IFACE
|
||||||
@ -132,6 +126,12 @@ cleanup() {
|
|||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [[ "$SHARE_METHOD" != "bridge" ]]; then
|
||||||
|
iptables -D INPUT -p tcp -m tcp --dport 53 -j ACCEPT
|
||||||
|
iptables -D INPUT -p udp -m udp --dport 53 -j ACCEPT
|
||||||
|
iptables -D INPUT -p udp -m udp --dport 67 -j ACCEPT
|
||||||
|
fi
|
||||||
|
|
||||||
ip link set down dev ${VWIFI_IFACE}
|
ip link set down dev ${VWIFI_IFACE}
|
||||||
ip addr flush ${VWIFI_IFACE}
|
ip addr flush ${VWIFI_IFACE}
|
||||||
networkmanager_rm_unmanaged ${VWIFI_IFACE}
|
networkmanager_rm_unmanaged ${VWIFI_IFACE}
|
||||||
@ -346,9 +346,6 @@ if [[ "$SHARE_METHOD" != "none" ]]; then
|
|||||||
iptables -t nat -I POSTROUTING -o ${INTERNET_IFACE} -j MASQUERADE || die
|
iptables -t nat -I POSTROUTING -o ${INTERNET_IFACE} -j MASQUERADE || die
|
||||||
iptables -I FORWARD -i ${VWIFI_IFACE} -s ${GATEWAY%.*}.0/24 -j ACCEPT || die
|
iptables -I FORWARD -i ${VWIFI_IFACE} -s ${GATEWAY%.*}.0/24 -j ACCEPT || die
|
||||||
iptables -I FORWARD -i ${INTERNET_IFACE} -d ${GATEWAY%.*}.0/24 -j ACCEPT || die
|
iptables -I FORWARD -i ${INTERNET_IFACE} -d ${GATEWAY%.*}.0/24 -j ACCEPT || die
|
||||||
iptables -I INPUT -p tcp -m tcp --dport 53 -j ACCEPT || die
|
|
||||||
iptables -I INPUT -p udp -m udp --dport 53 -j ACCEPT || die
|
|
||||||
iptables -I INPUT -p udp -m udp --dport 67 -j ACCEPT || die
|
|
||||||
echo 1 > /proc/sys/net/ipv4/ip_forward || die
|
echo 1 > /proc/sys/net/ipv4/ip_forward || die
|
||||||
elif [[ "$SHARE_METHOD" == "bridge" ]]; then
|
elif [[ "$SHARE_METHOD" == "bridge" ]]; then
|
||||||
brctl addbr ${BRIDGE_IFACE} || die
|
brctl addbr ${BRIDGE_IFACE} || die
|
||||||
@ -368,6 +365,9 @@ fi
|
|||||||
|
|
||||||
# start dns + dhcp server
|
# start dns + dhcp server
|
||||||
if [[ "$SHARE_METHOD" != "bridge" ]]; then
|
if [[ "$SHARE_METHOD" != "bridge" ]]; then
|
||||||
|
iptables -I INPUT -p tcp -m tcp --dport 53 -j ACCEPT || die
|
||||||
|
iptables -I INPUT -p udp -m udp --dport 53 -j ACCEPT || die
|
||||||
|
iptables -I INPUT -p udp -m udp --dport 67 -j ACCEPT || die
|
||||||
dnsmasq -C $CONFDIR/dnsmasq.conf -x $CONFDIR/dnsmasq.pid || die
|
dnsmasq -C $CONFDIR/dnsmasq.conf -x $CONFDIR/dnsmasq.pid || die
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
Loading…
x
Reference in New Issue
Block a user