Diffstat (limited to 'package/iptables/files')
-rw-r--r-- | package/iptables/files/firewall6.conf | 98 | ||||
-rwxr-xr-x | package/iptables/files/firewall6.init | 32 | ||||
-rw-r--r-- | package/iptables/files/ip6tables.postinst | 3 |
3 files changed, 0 insertions, 133 deletions
diff --git a/package/iptables/files/firewall6.conf b/package/iptables/files/firewall6.conf
deleted file mode 100644
index 2e86138b2..000000000
--- a/package/iptables/files/firewall6.conf
+++ /dev/null
@@ -1,98 +0,0 @@
-#!/bin/sh
-echo "configure /etc/firewall6.conf first."
-exit 1
-
-### Interfaces
-WAN=sixxs
-LAN=br0
-WLAN=wlan0
-
-######################################################################
-### Default ruleset
-######################################################################
-
-### Create chains
-ip6tables -N input_rule
-ip6tables -N forwarding_rule
-
-### Default policy
-ip6tables -P INPUT DROP
-ip6tables -P FORWARD DROP
-ip6tables -P OUTPUT DROP
-
-### INPUT
-### (connections with the router as destination)
-
-# base case
-ip6tables -A INPUT -m state --state INVALID -j DROP
-ip6tables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-ip6tables -A INPUT -p tcp --tcp-flags SYN SYN \! --tcp-option 2 -j DROP
-
-# custom rules
-ip6tables -A INPUT -j input_rule
-
-# allow access from anything but WAN
-ip6tables -A INPUT ${WAN:+\! -i $WAN} -j ACCEPT
-# allow icmp messages
-ip6tables -A INPUT -p icmp6 -j ACCEPT
-
-# reject
-ip6tables -A INPUT -p tcp -j REJECT --reject-with tcp-reset
-ip6tables -A INPUT -j REJECT --reject-with icmp6-port-unreachable
-
-### OUTPUT
-### (connections with the router as source)
-
-# base case
-ip6tables -A OUTPUT -m state --state RELATED,ESTABLISHED,NEW -j ACCEPT
-ip6tables -A OUTPUT -p icmp6 -j ACCEPT
-
-### FORWARD
-### (connections routed through the router)
-
-# base case
-ip6tables -A FORWARD -m state --state INVALID -j DROP
-ip6tables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-
-# fix for broken ISPs blocking ICMPv6 "packet too big" packets
-#ip6tables -t mangle -A FORWARD -p tcp -o $WAN --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-
-# custom rules
-ip6tables -A FORWARD -j forwarding_rule
-
-# allow LAN
-ip6tables -A FORWARD -i $LAN -o $WAN -j ACCEPT
-
-######################################################################
-### Default ruleset end
-######################################################################
-
-###
-### Connections to the router
-###
-
-# ssh
-#ip6tables -A input_rule -i $WAN -p tcp -s <a.b.c.d> --dport 22 -j ACCEPT
-
-# IPSec
-#ip6tables -A input_rule -i $WAN -p esp -s <a.b.c.d> -j ACCEPT
-#ip6tables -A input_rule -i $WAN -p udp -s <a.b.c.d> --dport 500 -j ACCEPT
-
-# OpenVPN
-#ip6tables -A input_rule -i $WAN -p udp -s <a.b.c.d> --dport 1194 -j ACCEPT
-
-# PPTP
-#ip6tables -A input_rule -i $WAN -p gre -j ACCEPT
-#ip6tables -A input_rule -i $WAN -p tcp --dport 1723 -j ACCEPT
-
-###
-### VPN traffic
-###
-
-# IPSec
-#ip6tables -A forwarding_rule -o ipsec+ -j ACCEPT
-#ip6tables -A forwarding_rule -i ipsec+ -j ACCEPT
-
-# OpenVPN
-#ip6tables -A forwarding_rule -o tun+ -j ACCEPT
-#ip6tables -A forwarding_rule -i tun+ -j ACCEPT
diff --git a/package/iptables/files/firewall6.init b/package/iptables/files/firewall6.init
deleted file mode 100755
index 55631ecc9..000000000
--- a/package/iptables/files/firewall6.init
+++ /dev/null
@@ -1,32 +0,0 @@
-#!/bin/sh
-#PKG ip6tables
-#INIT 45
-. /etc/rc.conf
-
-case $1 in
-autostop) ;;
-autostart)
- test x"${firewall6:-NO}" = x"NO" && exit 0
- test x"$firewall6" = x"DAEMON" && test -x /bin/mksh && exec mksh -T- $0 start
- exec sh $0 start
- ;;
-start)
- . /etc/firewall6.conf
- ;;
-stop)
- ### Clear tables
- ip6tables -F
- ip6tables -X
- ip6tables -P INPUT ACCEPT
- ip6tables -P FORWARD ACCEPT
- ip6tables -P OUTPUT ACCEPT
- ;;
-restart)
- sh $0 stop
- sh $0 start
- ;;
-*)
- echo "Usage: $0 {start | stop | restart}"
- ;;
-esac
-exit $?
diff --git a/package/iptables/files/ip6tables.postinst b/package/iptables/files/ip6tables.postinst
deleted file mode 100644
index 90aa932a4..000000000
--- a/package/iptables/files/ip6tables.postinst
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/sh
-. $IPKG_INSTROOT/etc/functions.sh
-add_rcconf firewall6 NO
|