diff options
| author | Mike Baker <mbm@openwrt.org> | 2005-05-13 13:49:48 +0000 |
|---|---|---|
| committer | Mike Baker <mbm@openwrt.org> | 2005-05-13 13:49:48 +0000 |
| commit | cb841e8c221e43ebd036f52c1e1ab1e19e8f1608 (patch) | |
| tree | 331ed1426f71df4db72528e8d4380070a77345d7 /target | |
| parent | 5c05df5969872499ac3be2b325cf250fdb6fd634 (diff) | |
| download | upstream-cb841e8c221e43ebd036f52c1e1ab1e19e8f1608.tar.gz upstream-cb841e8c221e43ebd036f52c1e1ab1e19e8f1608.tar.bz2 upstream-cb841e8c221e43ebd036f52c1e1ab1e19e8f1608.zip | |
cleanup login script, change firewall example
git-svn-id: svn://svn.openwrt.org/openwrt/trunk/openwrt@881 3c298f89-4303-0410-b956-a3cf2f4a3e73
Diffstat (limited to 'target')
| -rwxr-xr-x | target/default/target_skeleton/bin/login | 35 | ||||
| -rwxr-xr-x | target/default/target_skeleton/etc/init.d/S45firewall | 16 |
2 files changed, 25 insertions, 26 deletions
diff --git a/target/default/target_skeleton/bin/login b/target/default/target_skeleton/bin/login index 238e971aaf..bb065e54a1 100755 --- a/target/default/target_skeleton/bin/login +++ b/target/default/target_skeleton/bin/login @@ -1,21 +1,20 @@ #!/bin/sh -[ "$FAILSAFE" = "true" ] && exec /bin/ash --login - -[ -f /etc/sysconf ] && . /etc/sysconf - -if [ "$BR2_SYSCONF_TELNET_FAILSAFE_ONLY" = "y" ]; then - if grep '^root:!' /etc/passwd > /dev/null 2>/dev/null; then - echo "You need to set a login password to protect your" - echo "Router from unauthorized access." - echo - echo "Use 'passwd' to set your password." - echo "telnet login will be disabled afterwards," - echo "You can then login using SSH." - echo - else - echo "Login failed." - exit 0 - fi -fi +. /etc/sysconf 2>&- +[ "$FAILSAFE" != "true" ] && +[ "$BR2_SYSCONF_TELNET_FAILSAFE_ONLY" = "y" ] && +{ + grep '^root:[^!]' /etc/passwd >&- 2>&- && + { + echo "Login failed." + exit 0 + } || { +cat << EOF + === IMPORTANT ============================ + Use 'passwd' to set your login password + this will disable telnet and enable SSH + ------------------------------------------ +EOF + } +} exec /bin/ash --login diff --git a/target/default/target_skeleton/etc/init.d/S45firewall b/target/default/target_skeleton/etc/init.d/S45firewall index 7b55643123..a506637255 100755 --- a/target/default/target_skeleton/etc/init.d/S45firewall +++ b/target/default/target_skeleton/etc/init.d/S45firewall @@ -1,7 +1,7 @@ #!/bin/sh . /etc/functions.sh -export WAN=$(nvram get wan_ifname) -export LAN=$(nvram get lan_ifname) +WAN=$(nvram get wan_ifname) +LAN=$(nvram get lan_ifname) ## CLEAR TABLES for T in filter nat mangle; do @@ -17,8 +17,8 @@ iptables -t nat -N prerouting_rule iptables -t nat -N postrouting_rule ### Port forwarding -# iptables -t nat -A prerouting_rule -p tcp --dport 22 -j DNAT --to 192.168.1.2 -# iptables -A forwarding_rule -p tcp --dport 22 -d 192.168.1.2 -j ACCEPT +# iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 22 -j DNAT --to 192.168.1.2 +# iptables -A forwarding_rule -i $WAN -p tcp --dport 22 -d 192.168.1.2 -j ACCEPT ### INPUT ### (connections with the router as destination) @@ -27,12 +27,12 @@ iptables -t nat -N postrouting_rule iptables -P INPUT DROP iptables -A INPUT -m state --state INVALID -j DROP iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT + iptables -A INPUT -p tcp --syn --tcp-option \! 2 -j DROP # allow - iptables -A INPUT -i \! $WAN -j ACCEPT # allow from lan/wifi interfaces - iptables -A INPUT -p icmp -j ACCEPT # allow ICMP - iptables -A INPUT -p 47 -j ACCEPT # allow GRE - iptables -A INPUT -p tcp --syn --tcp-option \! 2 -j DROP + iptables -A INPUT -i \! $WAN -j ACCEPT # allow from lan/wifi interfaces + iptables -A INPUT -p icmp -j ACCEPT # allow ICMP + iptables -A INPUT -p gre -j ACCEPT # allow GRE # # insert accept rule or to jump to new accept-check table here # |