Opened 10 years ago

Closed 10 years ago

Last modified 9 years ago

#264 closed defect (invalid)

S45firewall / iterate over LANs

Reported by: anonymous Owned by: developers
Priority: normal Milestone:
Component: base system Version: 2.0
Keywords: Cc:

Description

IMHO S45 firewall section FORWARDING subsection allow should be changed from:

# allow
iptables -A FORWARD -i br0 -o br0 -j ACCEPT
iptables -A FORWARD -i $LAN -o $WAN -j ACCEPT

to something like

# allow
[ "$LAN" = "br0" ] && iptables -A FORWARD -i br0 -o br0 -j ACCEPT
for THIS in $LANS; do
    iptables -A FORWARD -i $THIS -o $WAN -j ACCEPT
done

where

LANS=$(nvram get lan_ifnames)

is added to the head of the script.

Greetings,
[cc]smart

Attachments (0)

Change History (1)

comment:1 Changed 10 years ago by mbm

  • Resolution set to invalid
  • Status changed from new to closed

The lan_ifnames variable only gets used when lan_ifname starts with br[0-9]; in other words when lan_ifname is a bridge, the lan_ifnames get added to the bridge. After the devices are added to the bridge you never actually see the devices again, you only see them as the new bridge device, so adding these devices to the firewall doesn't make any sense.
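The point of the comment above, shown as an added shell example (not code from the ticket or from OpenWrt's S45firewall): the rule generator names only the devices netfilter can actually see, so when lan_ifname is a bridge the members listed in lan_ifnames are never turned into FORWARD rules. It assumes the nvram values are passed in as arguments instead of read with `nvram get`, and prints the iptables commands instead of running them.

```shell
#!/bin/sh
# Added example, not code from the ticket or from OpenWrt's S45firewall.
# Builds the FORWARD "allow" rules the way mbm's comment implies: when
# lan_ifname is a bridge, the bridge is the only device netfilter sees,
# so lan_ifnames is never iterated (such rules would never match).
# Assumptions: lan_ifname/lan_ifnames/wan_ifname arrive as arguments
# (standing in for `nvram get`), and rules are printed, not executed.

# is_bridge DEV  -> true when DEV is named like a Linux bridge (br0, br1, ...)
is_bridge() {
    case "$1" in
        br[0-9]*) return 0 ;;
        *)        return 1 ;;
    esac
}

# bridged_members LAN_IFNAME LAN_IFNAMES
# Prints the devices hidden behind the bridge, i.e. those for which a
# "-i $dev" FORWARD rule would be dead. Prints nothing when not bridged.
bridged_members() {
    if is_bridge "$1"; then
        echo "$2"
    fi
}

# forward_allow_rules LAN_IFNAME LAN_IFNAMES WAN_IFNAME
# Prints one iptables command per line; LAN_IFNAMES is accepted only so
# the call mirrors the nvram layout, it never produces a rule.
forward_allow_rules() {
    lan=$1 wan=$3
    if is_bridge "$lan"; then
        # traffic between bridge members is seen as bridge-to-bridge
        echo "iptables -A FORWARD -i $lan -o $lan -j ACCEPT"
    fi
    echo "iptables -A FORWARD -i $lan -o $wan -j ACCEPT"
}

# Sample values, constructed for this example (not from the ticket).
forward_allow_rules br0 "eth0.0 eth1" vlan1
forward_allow_rules eth0 "" eth1
```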
