Em 17-06-2010 18:59, Shosholoza escreveu: > > It is possible to use this script with SHR unstable? > I tried but I found this error: > Starting iptables firewall: iptables: No chain/target/match by that name. > iptables: No chain/target/match by that name. >
Yes, but you may have to load the right modules. I have this *very* basic script to setup my Neo's firewall (see attachment). Hope it helps. Rui
#!/bin/sh iptables=/usr/sbin/iptables $iptables -F INPUT $iptables -F OUTPUT $iptables -F FORWARD $iptables -P INPUT DROP $iptables -P OUTPUT DROP $iptables -P FORWARD DROP # prepare for accounting $iptables -F GPRS $iptables -N GPRS # my laptop and me $iptables -A INPUT -i usb0 -s 192.168.0.200 -j ACCEPT $iptables -A OUTPUT -o usb0 -d 192.168.0.200 -j ACCEPT # allow outgoing NEW traffic regardless of interface $iptables -A OUTPUT -m state --state NEW,ESTABLISHED -j ACCEPT # allow incoming related traffic regardless of interface $iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT # accounting $iptables -A OUTPUT -o ppp0 -j GPRS $iptables -A FORWARD -o ppp0 -j GPRS $iptables -A INPUT -i ppp0 -j GPRS # forward and masquerade traffic from my computer $iptables -A FORWARD -i usb0 -o ppp0 -s 192.168.0.200 -m state --state NEW,ESTABLISHED -j ACCEPT $iptables -A FORWARD -i ppp0 -o usb0 -d 192.168.0.200 -m state --state RELATED,ESTABLISHED -j ACCEPT $iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
_______________________________________________ Openmoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
