Improve LAN management
parent
710b80e89f
commit
2d30350106
18
firewall
18
firewall
|
@ -182,21 +182,11 @@ start()
|
||||||
|
|
||||||
if [ $LAN == 1 ]; then
|
if [ $LAN == 1 ]; then
|
||||||
log_action_msg "Allow WAN outgoing traffic from lan"
|
log_action_msg "Allow WAN outgoing traffic from lan"
|
||||||
$IPTABLES -A FORWARD -i $LAN_INT -o $WAN_INT -p all -m state --state ESTABLISHED,RELATED,NEW -j ACCEPT
|
$IPTABLES -A FORWARD -i $WAN_INT -o $LAN_INT -p all -d $LAN_NETWORK -m state --state RELATED,ESTABLISHED -j ACCEPT
|
||||||
$IPTABLES -A FORWARD -i $WAN_INT -o $LAN_INT -p all -m state --state RELATED,ESTABLISHED -j ACCEPT
|
$IPTABLES -A FORWARD -i $LAN_INT -o $WAN_INT -p all -s $LAN_NETWORK -m state --state ESTABLISHED,RELATED,NEW -j ACCEPT
|
||||||
|
|
||||||
log_action_msg "Allow local network"
|
log_action_msg "Allow local network"
|
||||||
$IPTABLES -A OUTPUT -o $LAN_INT -p all -j ACCEPT
|
$IPTABLES -A OUTPUT -o $LAN_INT -s $LAN_NETWORK -p all -j ACCEPT
|
||||||
$IPTABLES -A INPUT -i $LAN_INT -p all -j ACCEPT
|
$IPTABLES -A INPUT -i $LAN_INT -d $LAN_NETWORK -p all -j ACCEPT
|
||||||
for ALLOW_INT in $ALLOW_INTS; do
|
|
||||||
log_action_msg "Allow WAN outgoing traffic for interface $ALLOW_INT"
|
|
||||||
$IPTABLES -A FORWARD -i $ALLOW_INT -o $WAN_INT -p all -m state --state ESTABLISHED,RELATED,NEW -j ACCEPT
|
|
||||||
$IPTABLES -A FORWARD -i $WAN_INT -o $ALLOW_INT -p all -m state --state RELATED,ESTABLISHED -j ACCEPT
|
|
||||||
|
|
||||||
log_action_msg "Allow local network"
|
|
||||||
$IPTABLES -A OUTPUT -o $ALLOW_INT -p all -j ACCEPT
|
|
||||||
$IPTABLES -A INPUT -i $ALLOW_INT -p all -j ACCEPT
|
|
||||||
done
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
## block spoofing
|
## block spoofing
|
||||||
|
|
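Review bot: The new "Allow local network" rules match the firewall's own side of the connection rather than the peer. `-A INPUT -i $LAN_INT -d $LAN_NETWORK` filters on destination, so a packet with any source address arriving on the LAN interface is still accepted if it targets an address in the LAN range. Assuming `$LAN_NETWORK` is the LAN subnet, limited-broadcast traffic such as DHCP discovery no longer matches either. If the intent is to admit only LAN hosts, the pair would read `$IPTABLES -A INPUT -i $LAN_INT -s $LAN_NETWORK -p all -j ACCEPT` and `$IPTABLES -A OUTPUT -o $LAN_INT -d $LAN_NETWORK -p all -j ACCEPT`, the same orientation the new FORWARD rules use. The `## block spoofing` section that follows may already validate sources, but it and the rest of `start()` lie outside the hunk. Separately, the added `-s`/`-d` operands are unquoted, so an empty `$LAN_NETWORK` with `LAN=1` makes each of these iptables calls fail; a check before the block, with the expansions quoted as `"$LAN_NETWORK"`, would make that explicit.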