Hans Fugal wrote:
> I'm not a fan of the OpenWRT firewall scripts (I have yet to meet a
> one-size-fits-all firewall script that I even remotely like), so I just
> hijack /etc/firewall.user with my own script which flushes the chains,
> does its thing, then calls exit. Since this file is sourced by the
> firewall boot script, you effectively commandeer the firewall.

What I did was mod the /etc/firewall.user file. I added a variable with
the IP addresses I wanted to whitelist, did a for loop to explicitly
allow those addresses, and then added a REJECT for the rest. Since it is
just run as a shell script, it was very easy. I'm not a big fan of how
OpenWRT does its firewall configuration either. But I don't feel like
writing my own iptables configuration scripts right now. Maybe in the
future.
Mike
/*
PLUG: http://plug.org, #utah on irc.freenode.net
*/
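
An added example, not code from either poster: a sketch of the allow-list-then-REJECT approach described in the reply above, written so it could be sourced from /etc/firewall.user. The chain name allowlist_demo, the addresses (documentation ranges) and the IPT dry-run variable are assumptions; the thread does not say which chain or addresses were used.

```shell
#!/bin/sh
# Added example: allow-list a set of source addresses, REJECT everything else.
# Assumptions (not from the thread): chain name, addresses, IPT variable.
ALLOWED="192.0.2.10 192.0.2.25 198.51.100.0/24"  # constructed sample addresses
CHAIN="allowlist_demo"       # hypothetical user chain; jump to it from your own rules
IPT="${IPT:-echo iptables}"  # dry run by default; set IPT=iptables on the router

# Return 0 if $1 is a dotted-quad IPv4 address with an optional /0-32 prefix.
valid_ipv4() {
    addr=${1%%/*}
    case $1 in */*) pfx=${1#*/} ;; *) pfx=32 ;; esac
    case $pfx in ''|*[!0-9]*) return 1 ;; esac
    [ "${#pfx}" -le 2 ] && [ "$pfx" -le 32 ] || return 1
    case $addr in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    oldifs=$IFS; IFS=.; set -- $addr; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
    return 0
}

# Emit (or apply) one ACCEPT per address, then a single trailing REJECT.
# Every entry is validated before any rule is written, so a typo in ALLOWED
# cannot leave the chain holding only the REJECT rule.
apply_allowlist() {
    for ip in $ALLOWED; do
        valid_ipv4 "$ip" || { echo "bad address: $ip" >&2; return 1; }
    done
    # Create the chain, or empty it if it already exists (keeps re-runs idempotent).
    $IPT -N "$CHAIN" 2>/dev/null || $IPT -F "$CHAIN"
    for ip in $ALLOWED; do
        $IPT -A "$CHAIN" -s "$ip" -j ACCEPT
    done
    # Order matters: the catch-all must come after every ACCEPT.
    $IPT -A "$CHAIN" -j REJECT
}

apply_allowlist
```

Run as-is it only prints the iptables commands it would issue; review that output before setting IPT=iptables.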