Improve LAN management
parent
710b80e89f
commit
2d30350106
18
firewall
18
firewall
|
@ -182,21 +182,11 @@ start()
|
|||
|
||||
if [ $LAN == 1 ]; then
|
||||
log_action_msg "Allow WAN outgoing traffic from lan"
|
||||
$IPTABLES -A FORWARD -i $LAN_INT -o $WAN_INT -p all -m state --state ESTABLISHED,RELATED,NEW -j ACCEPT
|
||||
$IPTABLES -A FORWARD -i $WAN_INT -o $LAN_INT -p all -m state --state RELATED,ESTABLISHED -j ACCEPT
|
||||
|
||||
$IPTABLES -A FORWARD -i $WAN_INT -o $LAN_INT -p all -d $LAN_NETWORK -m state --state RELATED,ESTABLISHED -j ACCEPT
|
||||
$IPTABLES -A FORWARD -i $LAN_INT -o $WAN_INT -p all -s $LAN_NETWORK -m state --state ESTABLISHED,RELATED,NEW -j ACCEPT
|
||||
log_action_msg "Allow local network"
|
||||
$IPTABLES -A OUTPUT -o $LAN_INT -p all -j ACCEPT
|
||||
$IPTABLES -A INPUT -i $LAN_INT -p all -j ACCEPT
|
||||
for ALLOW_INT in $ALLOW_INTS; do
|
||||
log_action_msg "Allow WAN outgoing traffic for interface $ALLOW_INT"
|
||||
$IPTABLES -A FORWARD -i $ALLOW_INT -o $WAN_INT -p all -m state --state ESTABLISHED,RELATED,NEW -j ACCEPT
|
||||
$IPTABLES -A FORWARD -i $WAN_INT -o $ALLOW_INT -p all -m state --state RELATED,ESTABLISHED -j ACCEPT
|
||||
|
||||
log_action_msg "Allow local network"
|
||||
$IPTABLES -A OUTPUT -o $ALLOW_INT -p all -j ACCEPT
|
||||
$IPTABLES -A INPUT -i $ALLOW_INT -p all -j ACCEPT
|
||||
done
|
||||
$IPTABLES -A OUTPUT -o $LAN_INT -s $LAN_NETWORK -p all -j ACCEPT
|
||||
$IPTABLES -A INPUT -i $LAN_INT -d $LAN_NETWORK -p all -j ACCEPT
|
||||
fi
|
||||
|
||||
## block spoofing
|
||||
|
|
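Review bot: The LAN `INPUT` rule that carries `$LAN_NETWORK` matches on destination (`-i $LAN_INT -d $LAN_NETWORK`), so it still accepts any source address arriving on the LAN interface, and because it is appended before the `## block spoofing` section it presumably matches ahead of whatever anti-spoofing rules follow. If the intent is to admit only LAN hosts, match the source instead, `$IPTABLES -A INPUT -i "$LAN_INT" -s "$LAN_NETWORK" -p all -j ACCEPT`, and note that DHCP discovery (source 0.0.0.0, destination 255.255.255.255) would then need its own rule if this host serves DHCP. The `+`/`-` markers are lost on this page, so which lines are new is inferred from the hunk counts (21 old lines, 11 new, 18 changed); those counts fit the `$LAN_NETWORK` rules being the added side and the `ALLOW_INTS` loop being removed. The expansions are unquoted, so an empty `LAN_NETWORK` makes `-s`/`-d` consume the following option as their argument; a `: "${LAN_NETWORK:?}"` guard before these rules would make that failure explicit. `start()` begins before and continues after the hunk.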