Snippets » History » Version 3
Pau Escrich, 23-04-2014 12:27

h1. Snippets

h3. Gateways

Disable the gateway checker and force a node to offer its Internet connection to the network.

<pre>
# Stop the gateway checker, keep it from starting at boot, and disable it in the qMp config
/etc/init.d/gwck stop
/etc/init.d/gwck disable
killall -9 gwck
uci set qmp.services.gwck=0
uci commit

# Un-ignore the inet4_offer gateway entry, ignore the inet4 entry, then apply the change
uci set gateways.inet4_offer.ignore=0
uci set gateways.inet4.ignore=1
uci commit
qmpcontrol configure_gw
</pre>

h3. Firewall

For nodes connected directly to the Internet, you may want to configure a set of firewall rules. The following is an example that must be adapted to each situation.
Add the rules to the file /etc/firewall.user

<pre>
# Firewall
# Allow packets that belong to connections already established
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# SSH and HTTP
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
# Loopback and private (RFC 1918) source ranges
iptables -A INPUT -s 127.0.0.0/8 -j ACCEPT
iptables -A INPUT -s 172.16.0.0/12 -j ACCEPT
iptables -A INPUT -s 192.168.0.0/16 -j ACCEPT
iptables -A INPUT -s 10.0.0.0/8 -j ACCEPT
# DHCP
iptables -A INPUT -p udp --dport 67 -j ACCEPT
iptables -A INPUT -p udp --dport 68 -j ACCEPT
# Default policies: drop any other inbound traffic, allow all outbound
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
</pre>
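
One way to review rules like the ones above before adding them to /etc/firewall.user, as an added example that is not part of the original wiki page or of qMp. The function name audit_rules and the finding labels are hypothetical, and the sample input is the rule set from the Firewall section, embedded as constructed test data.

```shell
#!/bin/sh
# Added example, not part of the original wiki page.
# Constructed sample input: the rule set from the Firewall section.
SAMPLE_RULES='# Firewall
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -s 127.0.0.0/8 -j ACCEPT
iptables -A INPUT -s 172.16.0.0/12 -j ACCEPT
iptables -A INPUT -s 192.168.0.0/16 -j ACCEPT
iptables -A INPUT -s 10.0.0.0/8 -j ACCEPT
iptables -A INPUT -p udp --dport 67 -j ACCEPT
iptables -A INPUT -p udp --dport 68 -j ACCEPT
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT'

# audit_rules (hypothetical helper): read rules on stdin, print one finding per line.
#   SRC_ONLY         ACCEPT keyed on source address only, so it applies on every
#                    interface, including the Internet-facing one
#   OPEN_PORT        ACCEPT for a port with no interface restriction
#   NO_DEFAULT_DROP  the rule set never sets the INPUT policy to DROP
audit_rules() {
    drop_policy=0
    while IFS= read -r rule; do
        case " $rule " in
            *" -P INPUT DROP "*) drop_policy=1; continue ;;
            *" -A INPUT "*" -j ACCEPT "*) ;;   # only ACCEPT rules are audited
            *) continue ;;                     # comments, other chains, other targets
        esac
        case " $rule " in
            *" -i "*) continue ;;              # already bound to an interface
            *" -s "*) echo "SRC_ONLY: $rule" ;;
            *" --dport "*) echo "OPEN_PORT: $rule" ;;
        esac
    done
    [ "$drop_policy" -eq 1 ] || echo "NO_DEFAULT_DROP: INPUT policy is not DROP"
}

# Run the audit on the sample rule set.
printf '%s\n' "$SAMPLE_RULES" | audit_rules
```

For a SRC_ONLY finding, binding the rule to an interface with -i (for example -i lo for 127.0.0.0/8) limits where it applies. OPEN_PORT findings are a prompt to confirm that the service is meant to be reachable on every interface.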