KumiSystems/openwrtv3
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

cleanup login script, change firewall example

Browse source 
SVN-Revision: 881
This commit is contained in:
Mike Baker 2005-05-13 13:49:48 +00:00
parent 655ea85dec
commit 2ab5d1e15c
2 changed files with 25 additions and 26 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

35
openwrt/target/default/target_skeleton/bin/login
View file

@ -1,21 +1,20 @@
#!/bin/sh #!/bin/sh
[ "$FAILSAFE" = "true" ] && exec /bin/ash --login . /etc/sysconf 2>&-
[ -f /etc/sysconf ] && . /etc/sysconf
if [ "$BR2_SYSCONF_TELNET_FAILSAFE_ONLY" = "y" ]; then
if grep '^root:!' /etc/passwd > /dev/null 2>/dev/null; then
echo "You need to set a login password to protect your"
echo "Router from unauthorized access."
echo
echo "Use 'passwd' to set your password."
echo "telnet login will be disabled afterwards,"
echo "You can then login using SSH."
echo
else
echo "Login failed."
exit 0
fi
fi
[ "$FAILSAFE" != "true" ] &&
[ "$BR2_SYSCONF_TELNET_FAILSAFE_ONLY" = "y" ] &&
{
grep '^root:[^!]' /etc/passwd >&- 2>&- &&
{
echo "Login failed."
exit 0
} || {
cat << EOF
=== IMPORTANT ============================
Use 'passwd' to set your login password
this will disable telnet and enable SSH
------------------------------------------
EOF
}
}
exec /bin/ash --login exec /bin/ash --login

16
openwrt/target/default/target_skeleton/etc/init.d/S45firewall
View file

@ -1,7 +1,7 @@
#!/bin/sh #!/bin/sh
. /etc/functions.sh . /etc/functions.sh
export WAN=$(nvram get wan_ifname) WAN=$(nvram get wan_ifname)
export LAN=$(nvram get lan_ifname) LAN=$(nvram get lan_ifname)
## CLEAR TABLES ## CLEAR TABLES
for T in filter nat mangle; do for T in filter nat mangle; do
@ -17,8 +17,8 @@ iptables -t nat -N prerouting_rule
iptables -t nat -N postrouting_rule iptables -t nat -N postrouting_rule
### Port forwarding ### Port forwarding
# iptables -t nat -A prerouting_rule -p tcp --dport 22 -j DNAT --to 192.168.1.2 # iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 22 -j DNAT --to 192.168.1.2
# iptables -A forwarding_rule -p tcp --dport 22 -d 192.168.1.2 -j ACCEPT # iptables -A forwarding_rule -i $WAN -p tcp --dport 22 -d 192.168.1.2 -j ACCEPT
### INPUT ### INPUT
### (connections with the router as destination) ### (connections with the router as destination)
@ -27,12 +27,12 @@ iptables -t nat -N postrouting_rule
iptables -P INPUT DROP iptables -P INPUT DROP
iptables -A INPUT -m state --state INVALID -j DROP iptables -A INPUT -m state --state INVALID -j DROP
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --syn --tcp-option \! 2 -j DROP
# allow # allow
iptables -A INPUT -i \! $WAN -j ACCEPT # allow from lan/wifi interfaces iptables -A INPUT -i \! $WAN -j ACCEPT # allow from lan/wifi interfaces
iptables -A INPUT -p icmp -j ACCEPT # allow ICMP iptables -A INPUT -p icmp -j ACCEPT # allow ICMP
iptables -A INPUT -p 47 -j ACCEPT # allow GRE iptables -A INPUT -p gre -j ACCEPT # allow GRE
iptables -A INPUT -p tcp --syn --tcp-option \! 2 -j DROP
# #
# insert accept rule or to jump to new accept-check table here # insert accept rule or to jump to new accept-check table here
# #