author | Jérôme Schneider <jschneider@entrouvert.com> | 2011-08-03 10:02:59 (GMT) |
---|---|---|
committer | Jérôme Schneider <jschneider@entrouvert.com> | 2011-08-03 10:02:59 (GMT) |
commit | 2d303501062fb51472a3e19ba0de32d640d2ca56 (patch) | |
tree | 1ad0e2a7653a0d79c576af05bb9e32304af4bd35 | |
parent | 710b80e89f4ee21497241d6999b5c1588c6ed1dc (diff) | |
Improve LAN management
-rwxr-xr-x | firewall | 18 |
1 files changed, 4 insertions, 14 deletions
@@ -182,21 +182,11 @@ start()
 if [ $LAN == 1 ]; then
 log_action_msg "Allow WAN outgoing traffic from lan"
- $IPTABLES -A FORWARD -i $LAN_INT -o $WAN_INT -p all -m state --state ESTABLISHED,RELATED,NEW -j ACCEPT
- $IPTABLES -A FORWARD -i $WAN_INT -o $LAN_INT -p all -m state --state RELATED,ESTABLISHED -j ACCEPT
-
+ $IPTABLES -A FORWARD -i $WAN_INT -o $LAN_INT -p all -d $LAN_NETWORK -m state --state RELATED,ESTABLISHED -j ACCEPT
+ $IPTABLES -A FORWARD -i $LAN_INT -o $WAN_INT -p all -s $LAN_NETWORK -m state --state ESTABLISHED,RELATED,NEW -j ACCEPT
 log_action_msg "Allow local network"
- $IPTABLES -A OUTPUT -o $LAN_INT -p all -j ACCEPT
- $IPTABLES -A INPUT -i $LAN_INT -p all -j ACCEPT
- for ALLOW_INT in $ALLOW_INTS; do
- log_action_msg "Allow WAN outgoing traffic for interface $ALLOW_INT"
- $IPTABLES -A FORWARD -i $ALLOW_INT -o $WAN_INT -p all -m state --state ESTABLISHED,RELATED,NEW -j ACCEPT
- $IPTABLES -A FORWARD -i $WAN_INT -o $ALLOW_INT -p all -m state --state RELATED,ESTABLISHED -j ACCEPT
-
- log_action_msg "Allow local network"
- $IPTABLES -A OUTPUT -o $ALLOW_INT -p all -j ACCEPT
- $IPTABLES -A INPUT -i $ALLOW_INT -p all -j ACCEPT
- done
+ $IPTABLES -A OUTPUT -o $LAN_INT -s $LAN_NETWORK -p all -j ACCEPT
+ $IPTABLES -A INPUT -i $LAN_INT -d $LAN_NETWORK -p all -j ACCEPT
 fi
 ## block spoofing |
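Review bot: `$LAN_NETWORK` is expanded unquoted and unchecked in all four new rules; if it is empty or unset in the configuration, `-s`/`-d` swallow the following token (`-m` or `-p`), iptables rejects the rule, and start() carries on without the LAN accept rules — add `: "${LAN_NETWORK:?LAN_NETWORK must be set when LAN=1}"` at the top of the `if [ $LAN == 1 ]` block and quote the expansions (`-s "$LAN_NETWORK"`). The new INPUT rule restricts only the destination, so traffic arriving on `$LAN_INT` with a non-LAN source is still accepted, and because the rule is appended before the `## block spoofing` section that follows, a later DROP there would not match those packets; for symmetry with the FORWARD rule consider `$IPTABLES -A INPUT -i $LAN_INT -s $LAN_NETWORK -d $LAN_NETWORK -p all -j ACCEPT`, unless that section relies on a different mechanism. Deleting the `for ALLOW_INT in $ALLOW_INTS` loop drops every rule for those extra interfaces; if `ALLOW_INTS` is still read from the configuration file, that is a silent behaviour change worth stating in the commit message or the config documentation. start() begins and ends outside the hunk.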