[OpenWrt-Devel] About the new uci firewall
Hi,

I was trying to use my firewall.user script with the new uci firewall. In order to do so I've uncommented the include section in /etc/config/firewall. My script is basically the default with the lines that allow ssh login uncommented:

    iptables -F input_rule
    iptables -F output_rule
    iptables -F forwarding_rule
    iptables -t nat -F prerouting_rule
    iptables -t nat -F postrouting_rule

    iptables -F input_wan
    iptables -F forwarding_wan
    iptables -t nat -F prerouting_wan

    iptables -t nat -A prerouting_wan -p tcp --dport 22 -j ACCEPT
    iptables -A input_wan -p tcp --dport 22 -j ACCEPT

However, after rebooting the box I still cannot ssh on the wan. If I stop the firewall everything works fine.

Any hints?!?!

Maybe it could be useful to add a commented section in /etc/config/firewall for allowing ssh access on the wan.

--
Roberto Riggio, PhD
CREATE-NET
Via alla Cascata 56/C
38100 Trento (Italy)
E-mail: [EMAIL PROTECTED]
HomePage: http://disi.unitn.it/~riggio/
Tel: +39.0461.314.960
Fax: +39.0461.314.972
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
http://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] About the new uci firewall
Try this:

    uci add firewall rule
    uci set [EMAIL PROTECTED]
    uci set [EMAIL PROTECTED]
    uci set [EMAIL PROTECTED]
    uci set [EMAIL PROTECTED]
    uci commit firewall

Greetings

Cyrus

[OpenWrt-Devel] UCI Firewall rules for transient interfaces
I use OpenWrt as a bluetooth AP server for a Treo650 (with the Treo connecting *to* the OpenWrt router for access to the internet, to save GPRS charges when at home). This is the opposite of how most people use ppp, bluetooth and openwrt (where they use ppp to dial out to the internet through the bluetooth phone ...).

So I have a ppp0 interface, which only exists when the bluetooth connection is up (which is done on demand from the phone).

So in /etc/config/network, I have:

    config 'interface' 'ppp'
        option 'ifname' 'ppp0'

but don't know what 'proto' I should set there, since 'ppp' seems to mean a dial-out ppp connection, rather than a dial-in ppp server.

Also, when the ppp connection comes up, /var/state/network does not get an 'up' entry for the ppp interface - how can I get that to record the state of the ppp interface?

I have the following uci firewall rules:

    config zone
        option name ppp
        option input ACCEPT
        option output ACCEPT
        option forward DROP

    config forwarding
        option src ppp
        option dest wan

How do I get my ppp firewall zone to be added to iptables when the bluetooth connection comes up, and removed when the connection goes down, or alternatively, how can I get them to be inserted once on boot even though the ppp0 interface doesn't exist on boot?

--
Rod