Changeset 881


Timestamp:
2005-05-13T15:49:48+02:00 (13 years ago)
Author:
mbm
Message:

cleanup login script, change firewall example

Location:
trunk/openwrt/target/default/target_skeleton
Files:
2 edited

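--- a/trunk/openwrt/target/default/target_skeleton/bin/login
+++ b/trunk/openwrt/target/default/target_skeleton/bin/login
@@ -1,21 +1,20 @@
 #!/bin/sh
-[ "$FAILSAFE" = "true" ] && exec /bin/ash --login
+. /etc/sysconf 2>&-
 
-[ -f /etc/sysconf ] && . /etc/sysconf
-
-if [ "$BR2_SYSCONF_TELNET_FAILSAFE_ONLY" = "y" ]; then
-        if grep '^root:!' /etc/passwd > /dev/null 2>/dev/null; then
-                echo "You need to set a login password to protect your"
-                echo "Router from unauthorized access."
-                echo
-                echo "Use 'passwd' to set your password."
-                echo "telnet login will be disabled afterwards,"
-                echo "You can then login using SSH."
-                echo
-        else
-                echo "Login failed."
-                exit 0
-        fi
-fi
-
+[ "$FAILSAFE" != "true" ] &&
+[ "$BR2_SYSCONF_TELNET_FAILSAFE_ONLY" = "y" ] &&
+{
+  grep '^root:[^!]' /etc/passwd >&- 2>&- &&
+  {
+    echo "Login failed."
+    exit 0
+  } || {
+cat << EOF
+ === IMPORTANT ============================
+  Use 'passwd' to set your login password
+  this will disable telnet and enable SSH
+ ------------------------------------------
+EOF
+  }
+}
 exec /bin/ash --login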
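Review bot: The password gate at new lines 7-18 now fails open: `exec /bin/ash --login` is reached whenever `grep '^root:[^!]' /etc/passwd` returns non-zero, which covers a `!`-locked root entry but also a missing or unreadable /etc/passwd and any grep error, whereas the removed version printed "Login failed." in those cases. Closing stdout with `>&-` adds to the risk, because a grep that does find a match then has to write to a closed descriptor, and some implementations may report that as a failure. Testing for the locked entry again, e.g. `if grep -q '^root:!' /etc/passwd 2>/dev/null; then` for the banner with "Login failed." as the `else` branch, keeps the deny-by-default behaviour. Separately, `. /etc/sysconf 2>&-` now runs before the FAILSAFE test and without the `[ -f /etc/sysconf ]` guard, so a missing or broken sysconf can presumably abort the script and take the failsafe login with it.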
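--- a/trunk/openwrt/target/default/target_skeleton/etc/init.d/S45firewall
+++ b/trunk/openwrt/target/default/target_skeleton/etc/init.d/S45firewall
@@ -1,6 +1,6 @@
 #!/bin/sh
 . /etc/functions.sh
-export WAN=$(nvram get wan_ifname)
-export LAN=$(nvram get lan_ifname)
+WAN=$(nvram get wan_ifname)
+LAN=$(nvram get lan_ifname)
 
 ## CLEAR TABLES
@@ -18,6 +18,6 @@
 
 ### Port forwarding
-# iptables -t nat -A prerouting_rule -p tcp --dport 22 -j DNAT --to 192.168.1.2
-# iptables        -A forwarding_rule -p tcp --dport 22 -d 192.168.1.2 -j ACCEPT
+# iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 22 -j DNAT --to 192.168.1.2
+# iptables        -A forwarding_rule -i $WAN -p tcp --dport 22 -d 192.168.1.2 -j ACCEPT
 
 ### INPUT
@@ -28,10 +28,10 @@
   iptables -A INPUT -m state --state INVALID -j DROP
   iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+  iptables -A INPUT -p tcp --syn --tcp-option \! 2 -j  DROP
 
   # allow
-  iptables -A INPUT -i \! $WAN -j ACCEPT        # allow from lan/wifi interfaces
-  iptables -A INPUT -p icmp -j ACCEPT           # allow ICMP
-  iptables -A INPUT -p 47 -j ACCEPT             # allow GRE
-  iptables -A INPUT -p tcp --syn --tcp-option \! 2 -j  DROP
+  iptables -A INPUT -i \! $WAN  -j ACCEPT       # allow from lan/wifi interfaces
+  iptables -A INPUT -p icmp     -j ACCEPT       # allow ICMP
+  iptables -A INPUT -p gre      -j ACCEPT       # allow GRE
   #
   # insert accept rule or to jump to new accept-check table here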
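Review bot: `WAN` is read from `nvram get wan_ifname` at new line 3 and then used unquoted and unchecked in `iptables -A INPUT -i \! $WAN -j ACCEPT` (new line 33), the rule that decides which side is trusted. If nvram returns an empty string the arguments shift, and what iptables does with the rule then depends on its option parsing. Writing `"$WAN"` in the rules and logging the empty case, e.g. `[ -n "$WAN" ] || echo "S45firewall: wan_ifname is empty" >&2`, would make it visible; whether the script should stop there depends on the default policies set in the part not shown. Since `export` was dropped, it is also worth confirming that nothing run or sourced outside the visible hunks reads WAN or LAN from the environment. `-p gre` in place of `-p 47` presumably relies on the target resolving the protocol name.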