summaryrefslogtreecommitdiff
path: root/package/iptables/files
diff options
context:
space:
mode:
Diffstat (limited to 'package/iptables/files')
-rw-r--r--package/iptables/files/firewall6.conf98
-rwxr-xr-xpackage/iptables/files/firewall6.init32
-rw-r--r--package/iptables/files/ip6tables.postinst3
3 files changed, 0 insertions, 133 deletions
diff --git a/package/iptables/files/firewall6.conf b/package/iptables/files/firewall6.conf
deleted file mode 100644
index 2e86138b2..000000000
--- a/package/iptables/files/firewall6.conf
+++ /dev/null
@@ -1,98 +0,0 @@
-#!/bin/sh
-echo "configure /etc/firewall6.conf first."
-exit 1
-
-### Interfaces
-WAN=sixxs
-LAN=br0
-WLAN=wlan0
-
-######################################################################
-### Default ruleset
-######################################################################
-
-### Create chains
-ip6tables -N input_rule
-ip6tables -N forwarding_rule
-
-### Default policy
-ip6tables -P INPUT DROP
-ip6tables -P FORWARD DROP
-ip6tables -P OUTPUT DROP
-
-### INPUT
-### (connections with the router as destination)
-
-# base case
-ip6tables -A INPUT -m state --state INVALID -j DROP
-ip6tables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-ip6tables -A INPUT -p tcp --tcp-flags SYN SYN \! --tcp-option 2 -j DROP
-
-# custom rules
-ip6tables -A INPUT -j input_rule
-
-# allow access from anything but WAN
-ip6tables -A INPUT ${WAN:+\! -i $WAN} -j ACCEPT
-# allow icmp messages
-ip6tables -A INPUT -p icmp6 -j ACCEPT
-
-# reject
-ip6tables -A INPUT -p tcp -j REJECT --reject-with tcp-reset
-ip6tables -A INPUT -j REJECT --reject-with icmp6-port-unreachable
-
-### OUTPUT
-### (connections with the router as source)
-
-# base case
-ip6tables -A OUTPUT -m state --state RELATED,ESTABLISHED,NEW -j ACCEPT
-ip6tables -A OUTPUT -p icmp6 -j ACCEPT
-
-### FORWARD
-### (connections routed through the router)
-
-# base case
-ip6tables -A FORWARD -m state --state INVALID -j DROP
-ip6tables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-
-# fix for broken ISPs blocking ICMPv6 "packet too big" packets
-#ip6tables -t mangle -A FORWARD -p tcp -o $WAN --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-
-# custom rules
-ip6tables -A FORWARD -j forwarding_rule
-
-# allow LAN
-ip6tables -A FORWARD -i $LAN -o $WAN -j ACCEPT
-
-######################################################################
-### Default ruleset end
-######################################################################
-
-###
-### Connections to the router
-###
-
-# ssh
-#ip6tables -A input_rule -i $WAN -p tcp -s <a.b.c.d> --dport 22 -j ACCEPT
-
-# IPSec
-#ip6tables -A input_rule -i $WAN -p esp -s <a.b.c.d> -j ACCEPT
-#ip6tables -A input_rule -i $WAN -p udp -s <a.b.c.d> --dport 500 -j ACCEPT
-
-# OpenVPN
-#ip6tables -A input_rule -i $WAN -p udp -s <a.b.c.d> --dport 1194 -j ACCEPT
-
-# PPTP
-#ip6tables -A input_rule -i $WAN -p gre -j ACCEPT
-#ip6tables -A input_rule -i $WAN -p tcp --dport 1723 -j ACCEPT
-
-###
-### VPN traffic
-###
-
-# IPSec
-#ip6tables -A forwarding_rule -o ipsec+ -j ACCEPT
-#ip6tables -A forwarding_rule -i ipsec+ -j ACCEPT
-
-# OpenVPN
-#ip6tables -A forwarding_rule -o tun+ -j ACCEPT
-#ip6tables -A forwarding_rule -i tun+ -j ACCEPT
diff --git a/package/iptables/files/firewall6.init b/package/iptables/files/firewall6.init
deleted file mode 100755
index 55631ecc9..000000000
--- a/package/iptables/files/firewall6.init
+++ /dev/null
@@ -1,32 +0,0 @@
-#!/bin/sh
-#PKG ip6tables
-#INIT 45
-. /etc/rc.conf
-
-case $1 in
-autostop) ;;
-autostart)
- test x"${firewall6:-NO}" = x"NO" && exit 0
- test x"$firewall6" = x"DAEMON" && test -x /bin/mksh && exec mksh -T- $0 start
- exec sh $0 start
- ;;
-start)
- . /etc/firewall6.conf
- ;;
-stop)
- ### Clear tables
- ip6tables -F
- ip6tables -X
- ip6tables -P INPUT ACCEPT
- ip6tables -P FORWARD ACCEPT
- ip6tables -P OUTPUT ACCEPT
- ;;
-restart)
- sh $0 stop
- sh $0 start
- ;;
-*)
- echo "Usage: $0 {start | stop | restart}"
- ;;
-esac
-exit $?
diff --git a/package/iptables/files/ip6tables.postinst b/package/iptables/files/ip6tables.postinst
deleted file mode 100644
index 90aa932a4..000000000
--- a/package/iptables/files/ip6tables.postinst
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/sh
-. $IPKG_INSTROOT/etc/functions.sh
-add_rcconf firewall6 NO