Re: [fonosfera] Iptable rules in firewall.user don't last anymore - after fw2.3.6.0 serverside change?

Fri, 16 Apr 2010 06:37:24 -0700 

Hi to all,

I think that it works only for a few minutes because
/etc/fonestated/FWallDeamon begins flushing input_daemon chain.

Maybe you could try to declare your service in /etc/config/services adding
something like:

config service myhttpd
        option path "/pathto/yourHttpd"
        option order 16
        option name "MyWeb"
        option fwall 1
        list tcp_port  8080

instead adding a firewall.user file with custom iptables directives.

Hope it helps.

Bye


On Fri, Apr 16, 2010 at 13:32, Kyros Hariri <[email protected]> wrote:

> Hi Inouk,
>
> Ok, I proceeded as you wrote so there is now a firewall.websrv using:
>
> > uci add firewall include; uci set
> > firewa...@include[-1].path=/etc/firewall.websrv; uci commit firewall
> > echo "iptables -A input_daemon -p tcp --dport 8080 -j zone_wan_ACCEPT"
> > >> /etc/firewall.websrv
>
> So now I get:
>
> > r...@fonera:~# cat /etc/config/firewall | grep -A 1 "include"
> > config 'include'
> >     option 'path' '/etc/firewall.fon'
> > --
> > config 'include' 'proxy'
> >     option 'path' '/etc/firewall.proxy'
> > --
> > config 'include'
> >     option 'path' '/etc/firewall.user'
> > --
> > config 'include'
> >     option 'path' '/etc/firewall.websrv'
> > r...@fonera:~#
>
> But unfortunately again - as I wrote to Matthijs before - after entering
> this and after rebooting as well the settings are not effective for the
> running webserver process which is enabled by wan access in
> firewall.websrv ( -> inside this file you only find the line: iptables
> -A input_daemon -p tcp --dport 8080 -j zone_wan_ACCEPT).
> When I then enter this command vis SSH the hosted webpages on the
> usb-stick are accessible from the web - but only for a few minutes.
>
> Regards, Kyros
>
>
>
>
> -------- Original Message  --------
> Subject: Re: [fonosfera] Iptable rules in firewall.user don't last
> anymore - after fw2.3.6.0 serverside change?
> From: Inouk Bourgon <[email protected]>
> To: [email protected]
> Date: Fri Apr 16 2010 12:52:34 GMT+0200 (CEST)
> > [...]
> > firewall.user might be used by something else... You may want to pick
> > a name specific to your app like /etc/firewall.websrv or so. If you
> > one day you want to release your work through a plugin you will just
> > have to add to your install script:
> >
> > uci add firewall include; uci set
> > firewa...@include[-1].path=/etc/firewall.websrv; uci commit firewall
> >
> >
> >
> > Inouk
>
>
> _______________________________________________
> Development mailing list
> [email protected]
> http://fonosfera.org/mailman/listinfo/development
>

_______________________________________________
Development mailing list
[email protected]
http://fonosfera.org/mailman/listinfo/development

Reply via email to