Revision 1 (Pau Escrich, 22-04-2014 17:34) → Revision 2/3 (Pau Escrich, 23-04-2014 12:26)

h1. Snippets 

 h3. Gateways 

 Disable the gateway checker and force the node to publish its Internet connection to the network.
 <pre> 
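 # Stop the gateway checker now and keep it from starting at boot
 /etc/init.d/gwck stop
 /etc/init.d/gwck disable
 killall -9 gwck
 # Turn gwck off in the qMp configuration
 uci set qmp.services.gwck=0
 uci commit

 # Stop ignoring the inet4_offer gateway entry, ignore inet4, and apply
 uci set gateways.inet4_offer.ignore=0
 uci set gateways.inet4.ignore=1
 uci commit
 qmpcontrol configure_gw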
 </pre> 

 h3. Firewall 

 For nodes connected directly to the Internet, you may want to configure a set of firewall rules. The following is an example that must be adapted to each situation.
 The rules should be added to the file /etc/firewall.user

 <pre> 
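 # Firewall
 # Replies to connections that are already established
 iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
 # SSH (22) and HTTP (80), accepted from any source address
 iptables -A INPUT -p tcp --dport 22 -j ACCEPT
 iptables -A INPUT -p tcp --dport 80 -j ACCEPT
 # Everything from loopback and private (RFC 1918) source ranges
 iptables -A INPUT -s 127.0.0.0/8 -j ACCEPT
 iptables -A INPUT -s 172.16.0.0/12 -j ACCEPT
 iptables -A INPUT -s 192.168.0.0/16 -j ACCEPT
 iptables -A INPUT -s 10.0.0.0/8 -j ACCEPT
 # DHCP (UDP 67 and 68)
 iptables -A INPUT -p udp --dport 67 -j ACCEPT
 iptables -A INPUT -p udp --dport 68 -j ACCEPT
 # Drop all other inbound traffic, allow all outbound traffic
 iptables -P INPUT DROP
 iptables -P OUTPUT ACCEPT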
 </pre>
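
 When adapting the Firewall rules above, it helps to see which of them accept traffic from any source address, since that is what an Internet-facing node exposes. The following check is an added example, not part of the original snippets; the function names open_to_any and page_rules are hypothetical, and only sh and awk are assumed.

```shell
#!/bin/sh
# Added example, not part of the original snippets page.
# Reads "iptables ..." command lines on stdin and prints every INPUT rule
# that ACCEPTs traffic from any source address, then the INPUT policy.
open_to_any() {
    awk '
    $1 != "iptables" { next }                # skip comments and blank lines
    {
        act = chain = src = inif = dport = state = target = ""; proto = "any"
        for (i = 2; i <= NF; i++) {
            if ($i == "-A" || $i == "-P") { act = $i; chain = $(i + 1) }
            else if ($i == "-s")      src    = $(i + 1)
            else if ($i == "-i")      inif   = $(i + 1)
            else if ($i == "-p")      proto  = $(i + 1)
            else if ($i == "--dport") dport  = $(i + 1)
            else if ($i == "--state") state  = $(i + 1)
            else if ($i == "-j")      target = $(i + 1)
        }
        if (chain != "INPUT") next
        if (act == "-P") { policy = $NF; next }
        if (target != "ACCEPT" || src != "" || inif != "") next
        if (dport == "" && state != "") next  # replies to existing flows only
        item = (dport == "") ? "all" : proto "/" dport
        print item
    }
    END { print "policy " (policy == "" ? "unset" : policy) }
    '
}

# The rules from the Firewall section of this page, used as sample input.
page_rules() {
    cat <<'EOF'
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -s 127.0.0.0/8 -j ACCEPT
iptables -A INPUT -s 172.16.0.0/12 -j ACCEPT
iptables -A INPUT -s 192.168.0.0/16 -j ACCEPT
iptables -A INPUT -s 10.0.0.0/8 -j ACCEPT
iptables -A INPUT -p udp --dport 67 -j ACCEPT
iptables -A INPUT -p udp --dport 68 -j ACCEPT
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
EOF
}

page_rules | open_to_any
```

 On a node, the same check can be run against the real file with open_to_any < /etc/firewall.user. Rules that carry -s or -i are treated as restricted; negated matches and -m multiport are not handled.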