
Opened 12 years ago

Closed 12 years ago

Last modified 12 years ago

#172 closed defect (worksforme)

Hard-coded IF-name in firewall script

Reported by: buri@…
Owned by: developers
Priority: normal
Milestone: 1.0-rc4
Component: base system
Version:
Keywords: firewall script
Cc:

Description (last modified by mbm)

--- S45firewall 2006-01-02 17:30:51.000000000 +0100
Hello,
I found a little bug, or rather a typo, in the firewall script.
The interface name for the LAN is hard-coded although a variable holding that name exists.

Or maybe I misunderstood something...

Greetings from Switzerland,
erich

+++ S45firewall_fix 2006-01-02 17:42:54.000000000 +0100
@@ -78,7 +78,7 @@

iptables -A FORWARD -j forwarding_rule

# allow

  • iptables -A FORWARD -i br0 -o br0 -j ACCEPT

+ iptables -A FORWARD -i $LAN -o $LAN -j ACCEPT

[ -z "$WAN" ]
iptables -A FORWARD -i $LAN -o $WAN -j ACCEPT

# reject (what to do with anything not allowed earlier)
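
Review bot: The added `iptables -A FORWARD -i $LAN -o $LAN -j ACCEPT` line expands `$LAN` unquoted and with no emptiness check, unlike the `[ -z "$WAN" ]` guard on the context line directly below it. If `$LAN` is empty or holds more than one interface name, the argument list is malformed and the intra-LAN ACCEPT rule is not installed as intended, so that traffic falls through to the reject section that follows. Either check the value and emit one rule per interface name, or keep the literal `br0`. In both cases the `# allow` comment should state which interface this rule is meant to cover and why, since the hunk gives no rationale for either form.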

Attachments (0)

Change History (2)

comment:1 Changed 12 years ago by florian

  • Resolution set to worksforme
  • Status changed from new to closed

What I propose is to use something quite different, but which still does the trick, especially when you have split up switch and Wi-Fi:

# if there is bridge splitting this workaround works too
  for iface in $LAN
  do
        iptables -A FORWARD -i $iface -o $iface -j ACCEPT
        [ -z "$WAN" ] || iptables -A FORWARD -i $iface -o $WAN -j ACCEPT
  done

If needed we can add a line to allow forwarding between the switch and Wi-Fi side, but as it is not the default behaviour, let's allow Wi-Fi clients to access the Internet for the moment.

comment:2 Changed 12 years ago by mbm

  • Description modified (diff)

Reverting florian's patch.

The hardcoded br0 was intentional; it's a quirk in the bridging that shows up when linking multiple WDS devices. It is not specific to $LAN and shouldn't be generalized.
