iptables question

Mike Lovell mike at dev-zero.net
Tue Nov 4 11:21:47 MST 2008


Hans Fugal wrote:
> I'm not a fan of the OpenWRT firewall scripts (I have yet to meet a
> one-size-fits-all firewall script that I even remotely like), so I just
> hijack /etc/firewall.user with my own script which flushes the chains,
> does its thing, then calls exit. Since this file is sourced by the
> firewall boot script, you effectively commandeer the firewall.
>   
What I did was mod the /etc/firewall.user file. I added a variable with 
the IP addresses I wanted to while list, did a for loop to explicitly 
allow those addresses, and then added a REJECT for the rest. Since it is 
just run as a shell script, it was very easy. I'm not a big fan of how 
OpenWRT does its firewall configuration either. But I don't feel like 
writing my own iptables configuration scripts right now. Maybe in the 
future.

Mike



More information about the PLUG mailing list