Home Explore Help
Register Sign In
oss
/
openadk
4
1
Fork 3
Files Issues 0 Pull Requests 0 Wiki
Browse Source

fix default firewall script and kernel mod dependencies

Waldemar Brodkorb 15 years ago
parent
6c7111529c
commit
3f23dcd7a5
4 changed files with 12 additions and 5 deletions
Unified View Show Diff Stats
  1. 4 0
      mk/modules.mk
  2. 1 1
      package/iptables/Makefile
  3. 2 4
      package/iptables/files/firewall.conf
  4. 5 0
      target/linux/config/Config.in.netfilter

+ 4 - 0
mk/modules.mk
View File 

@@ -342,6 +342,10 @@ $(eval $(call KMOD_template,NETFILTER_XT_TARGET_NFQUEUE,netfilter-xt-target-nfqu
 
 	$(MODULES_DIR)/kernel/net/netfilter/xt_NFQUEUE \
 
 	$(MODULES_DIR)/kernel/net/netfilter/xt_NFQUEUE \
 
 ,50))
 
 ,50))
 
 
 
+$(eval $(call KMOD_template,NETFILTER_XT_TARGET_TCPMSS,netfilter-xt-target-tcpmss,\
 
+	$(MODULES_DIR)/kernel/net/netfilter/xt_TCPMSS \
 
+,50))
 
+
 
 $(eval $(call KMOD_template,NETFILTER_XT_TARGET_NOTRACK,netfilter-xt-target-notrack,\
 
 $(eval $(call KMOD_template,NETFILTER_XT_TARGET_NOTRACK,netfilter-xt-target-notrack,\
 
 	$(MODULES_DIR)/kernel/net/netfilter/xt_NOTRACK \
 
 	$(MODULES_DIR)/kernel/net/netfilter/xt_NOTRACK \
 
 ,50))
 
 ,50))

+ 1 - 1
package/iptables/Makefile
View File 

@@ -9,7 +9,7 @@ PKG_RELEASE:=		1
 
 PKG_MD5SUM:=		c67cf30e281a924def6426be0973df56
 
 PKG_MD5SUM:=		c67cf30e281a924def6426be0973df56
 
 PKG_DESCR:=		The netfilter firewalling software
 
 PKG_DESCR:=		The netfilter firewalling software
 
 PKG_SECTION:=		net
 
 PKG_SECTION:=		net
 
-PKG_DEPENDS:=		kmod-ip-nf-iptables kmod-nf-conntrack kmod-nf-conntrack-ipv4 kmod-nf-nat kmod-ip-nf-target-masquerade kmod-ip-nf-target-reject kmod-ip-nf-filter
 
+PKG_DEPENDS:=		kmod-ip-nf-iptables kmod-nf-conntrack kmod-nf-conntrack-ipv4 kmod-nf-nat kmod-ip-nf-target-masquerade kmod-ip-nf-target-reject kmod-ip-nf-filter kmod-ip-nf-match-state kmod-netfilter-xt-target-tcpmss
 
 PKG_URL:=		http://www.netfilter.org
 
 PKG_URL:=		http://www.netfilter.org
 
 PKG_SITES:=		http://www.netfilter.org/projects/iptables/files/ \
 
 PKG_SITES:=		http://www.netfilter.org/projects/iptables/files/ \
 
 			ftp://ftp.be.netfilter.org/pub/netfilter/iptables/ \
 
 			ftp://ftp.be.netfilter.org/pub/netfilter/iptables/ \

+ 2 - 4
package/iptables/files/firewall.conf
View File 

@@ -1,13 +1,11 @@
 
 #!/bin/sh
 
 #!/bin/sh
 
-
 
-
 
 echo "configure /etc/firewall.conf first."
 
 echo "configure /etc/firewall.conf first."
 
 exit 1
 
 exit 1
 
 
 
 ### Interfaces
 
 ### Interfaces
 
 WAN=ppp0
 
 WAN=ppp0
 
 LAN=br0
 
 LAN=br0
 
-WLAN=
 
+WLAN=wlan0
 
 
 
 ######################################################################
 
 ######################################################################
 
 ### Default ruleset
 
 ### Default ruleset
 
@@ -29,7 +27,7 @@ iptables -P FORWARD DROP
 
 # base case
 
 # base case
 
 iptables -A INPUT -m state --state INVALID -j DROP
 
 iptables -A INPUT -m state --state INVALID -j DROP
 
 iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
 
 iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
 
-iptables -A INPUT -p tcp --tcp-flags SYN SYN --tcp-option \! 2 -j DROP
 
+iptables -A INPUT -p tcp --tcp-flags SYN SYN \! --tcp-option 2 -j DROP
 
 
 
 # custom rules
 
 # custom rules
 
 iptables -A INPUT -j input_rule
 
 iptables -A INPUT -j input_rule

+ 5 - 0
target/linux/config/Config.in.netfilter
View File 

@@ -189,6 +189,11 @@ config ADK_KPACKAGE_KMOD_NETFILTER_XT_TARGET_NFQUEUE
 
 	  As opposed to QUEUE, it supports 65535 different queues,
 
 	  As opposed to QUEUE, it supports 65535 different queues,
 
 	  not just one.
 
 	  not just one.
 
 
 
+config ADK_KPACKAGE_KMOD_NETFILTER_XT_TARGET_TCPMSS
 
+	tristate 'TCPMSS target'
 
+	select ADK_KERNEL_NETFILTER_XTABLES
 
+	help
 
+
 
 endmenu
 
 endmenu
 
 
 
 menu "IP: Netfilter Configuration"
 
 menu "IP: Netfilter Configuration"