Projecte

General

Perfil

Snippets

Gateways

Disable the gateway checker and force a node to publish Internet in the network.

/etc/init.d/gwck stop
/etc/init.d/gwck disable
killall -9 gwck
uci set qmp.services.gwck=0
uci commit

uci set gateways.inet4_offer.ignore=0
uci set gateways.inet4.ignore=1
uci commit
qmpcontrol configure_gw

Firewall

For those nodes connected directly to Internet you may want to configure a set of firewall rules. This is an example which must be adapted to each situation.
They should be added to the file /etc/firewall.user

# Firewall
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -s 127.0.0.0/8 -j ACCEPT
iptables -A INPUT -s 172.16.0.0/12 -j ACCEPT
iptables -A INPUT -s 192.168.0.0/16 -j ACCEPT
iptables -A INPUT -s 10.0.0.0/8 -j ACCEPT
iptables -A INPUT -p udp --dport 67 -j ACCEPT
iptables -A INPUT -p udp --dport 68 -j ACCEPT
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT