Snippets » History » Version 3
Pau Escrich, 23-04-2014 12:27
h1. Snippets

h3. Gateways

Disable the gateway checker (gwck) and force a node to publish its Internet connection in the network.

<pre>
# Stop the gateway checker, keep it from starting at boot, and turn it off in the qMp config
/etc/init.d/gwck stop
/etc/init.d/gwck disable
killall -9 gwck
uci set qmp.services.gwck=0
uci commit

# Stop ignoring the inet4_offer gateway entry, ignore the inet4 entry, and apply the gateway configuration
uci set gateways.inet4_offer.ignore=0
uci set gateways.inet4.ignore=1
uci commit
qmpcontrol configure_gw
</pre>

h3. Firewall

For nodes connected directly to the Internet you may want to configure a set of firewall rules. This is an example that must be adapted to each situation.
The rules should be added to the file /etc/firewall.user

<pre>
# Firewall
# Allow replies to connections that are already established
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# SSH and HTTP from any source
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
# Loopback and private source ranges (these rules match on every interface)
iptables -A INPUT -s 127.0.0.0/8 -j ACCEPT
iptables -A INPUT -s 172.16.0.0/12 -j ACCEPT
iptables -A INPUT -s 192.168.0.0/16 -j ACCEPT
iptables -A INPUT -s 10.0.0.0/8 -j ACCEPT
# DHCP
iptables -A INPUT -p udp --dport 67 -j ACCEPT
iptables -A INPUT -p udp --dport 68 -j ACCEPT
# Default policies: drop any other inbound traffic, allow all outbound
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
</pre>
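
The following check is an added example, not part of the original wiki page or of the qMp project. It reads firewall.user-style rules and lists which ports are open to any source and which ACCEPT rules trust a source range on every interface, including the Internet-facing one, which is the first thing to review when adapting the rules above; @audit_rules@ and @page_rules@ are hypothetical names.

```shell
#!/bin/sh
# Added example (not from the original page): audit firewall.user-style rules.

# The INPUT rules from this page, embedded so the script runs offline.
page_rules() {
cat <<'EOF'
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -s 127.0.0.0/8 -j ACCEPT
iptables -A INPUT -s 172.16.0.0/12 -j ACCEPT
iptables -A INPUT -s 192.168.0.0/16 -j ACCEPT
iptables -A INPUT -s 10.0.0.0/8 -j ACCEPT
iptables -A INPUT -p udp --dport 67 -j ACCEPT
iptables -A INPUT -p udp --dport 68 -j ACCEPT
iptables -P INPUT DROP
EOF
}

# audit_rules (hypothetical helper): read iptables commands on stdin and print
#   OPEN proto/port   ACCEPT on a port with no -s and no -i restriction
#   SRC-ONLY cidr     ACCEPT keyed on source address alone, on any interface
#   UNPARSED line     rule uses "!" negation, which this check does not interpret
#   NO-DEFAULT-DROP   no "iptables -P INPUT DROP" in the input
audit_rules() {
    drop=no
    while read -r line; do
        case "$line" in
            "iptables -P INPUT DROP"*) drop=yes; continue ;;
            *" ! "*) echo "UNPARSED $line"; continue ;;
            "iptables -A INPUT "*"-j ACCEPT"*) ;;
            *) continue ;;
        esac
        proto='' port='' src='' iface='' prev=''
        for w in $line; do          # pair each option with its argument
            case "$prev" in
                -p) proto=$w ;;
                --dport) port=$w ;;
                -s) src=$w ;;
                -i) iface=$w ;;
            esac
            prev=$w
        done
        [ -n "$iface" ] && continue # bound to an interface: not flagged
        if [ -n "$src" ]; then echo "SRC-ONLY $src"
        elif [ -n "$port" ]; then echo "OPEN $proto/$port"
        fi
    done
    [ "$drop" = yes ] || echo "NO-DEFAULT-DROP"
}

page_rules | audit_rules
```

Each @SRC-ONLY@ line marks a rule that accepts traffic by source address alone; binding such a rule to the mesh or LAN interface with @-i@ clears the finding.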