iptables question
Mike Lovell
mike at dev-zero.net
Tue Nov 4 11:21:47 MST 2008
Hans Fugal wrote:
> I'm not a fan of the OpenWRT firewall scripts (I have yet to meet a
> one-size-fits-all firewall script that I even remotely like), so I just
> hijack /etc/firewall.user with my own script which flushes the chains,
> does its thing, then calls exit. Since this file is sourced by the
> firewall boot script, you effectively commandeer the firewall.
>
What I did was mod the /etc/firewall.user file. I added a variable with
the IP addresses I wanted to white list, did a for loop to explicitly
allow those addresses, and then added a REJECT for the rest. Since it is
just run as a shell script, it was very easy. I'm not a big fan of how
OpenWRT does its firewall configuration either. But I don't feel like
writing my own iptables configuration scripts right now. Maybe in the
future.
Mike
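
The approach described in this message, sketched as an added example (this is not Mike's script, which the post does not show): an allowlist variable, a loop that accepts each address, then a REJECT for everything else. The chain, the port, the variable and function names, and the addresses (constructed, from documentation ranges) are assumptions; by default it only prints the iptables commands it would run.

```shell
#!/bin/sh
# Added example: allowlist fragment for a sourced file like /etc/firewall.user.
# Assumed, not from the post: chain INPUT, TCP port 22, and the addresses below.
ALLOWED="192.0.2.10 198.51.100.0/24 203.0.113.7"  # constructed sample addresses
CHAIN="INPUT"
PORT="22"
IPT="${IPT:-echo iptables}"  # dry run by default; IPT=iptables applies the rules

# Succeed only for a dotted-quad IPv4 address with an optional /0-32 prefix.
valid_ipv4() {
    case $1 in
        */*) prefix=${1#*/}; addr=${1%%/*}
             case $prefix in ""|*[!0-9]*) return 1 ;; esac
             [ "$prefix" -le 32 ] || return 1 ;;
        *)   addr=$1 ;;
    esac
    case $addr in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

apply_allowlist() {
    for ip in $ALLOWED; do
        if valid_ipv4 "$ip"; then
            $IPT -A "$CHAIN" -p tcp --dport "$PORT" -s "$ip" -j ACCEPT
        else
            # A bad entry is skipped, so it is never allowed by accident.
            echo "skipping invalid allowlist entry: $ip" >&2
        fi
    done
    # Order matters: the REJECT is appended after every ACCEPT.
    $IPT -A "$CHAIN" -p tcp --dport "$PORT" -j REJECT
}

apply_allowlist
```

Because `-A` appends, any rule already in the chain is evaluated before these, so check the existing chain contents before relying on the final REJECT.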