authorMike Baker <mbm@openwrt.org>2005-05-13 13:49:48 +0000
committerMike Baker <mbm@openwrt.org>2005-05-13 13:49:48 +0000
commitcb841e8c221e43ebd036f52c1e1ab1e19e8f1608 (patch)
tree331ed1426f71df4db72528e8d4380070a77345d7 /target
parent5c05df5969872499ac3be2b325cf250fdb6fd634 (diff)
cleanup login script, change firewall example
git-svn-id: svn://svn.openwrt.org/openwrt/trunk/openwrt@881 3c298f89-4303-0410-b956-a3cf2f4a3e73
Diffstat (limited to 'target')
-rwxr-xr-xtarget/default/target_skeleton/bin/login35
-rwxr-xr-xtarget/default/target_skeleton/etc/init.d/S45firewall16
2 files changed, 25 insertions, 26 deletions
diff --git a/target/default/target_skeleton/bin/login b/target/default/target_skeleton/bin/login
index 238e971aaf..bb065e54a1 100755
--- a/target/default/target_skeleton/bin/login
+++ b/target/default/target_skeleton/bin/login
@@ -1,21 +1,20 @@
#!/bin/sh
-[ "$FAILSAFE" = "true" ] && exec /bin/ash --login
-
-[ -f /etc/sysconf ] && . /etc/sysconf
-
-if [ "$BR2_SYSCONF_TELNET_FAILSAFE_ONLY" = "y" ]; then
- if grep '^root:!' /etc/passwd > /dev/null 2>/dev/null; then
- echo "You need to set a login password to protect your"
- echo "Router from unauthorized access."
- echo
- echo "Use 'passwd' to set your password."
- echo "telnet login will be disabled afterwards,"
- echo "You can then login using SSH."
- echo
- else
- echo "Login failed."
- exit 0
- fi
-fi
+. /etc/sysconf 2>&-
+[ "$FAILSAFE" != "true" ] &&
+[ "$BR2_SYSCONF_TELNET_FAILSAFE_ONLY" = "y" ] &&
+{
+ grep '^root:[^!]' /etc/passwd >&- 2>&- &&
+ {
+ echo "Login failed."
+ exit 0
+ } || {
+cat << EOF
+ === IMPORTANT ============================
+ Use 'passwd' to set your login password
+ this will disable telnet and enable SSH
+ ------------------------------------------
+EOF
+ }
+}
exec /bin/ash --login
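Review bot: The telnet gate now fails open: `grep '^root:[^!]' /etc/passwd >&- 2>&- && { ...; exit 0; } || { ... }` refuses the login only when grep positively matches a root entry with a password set. Any other outcome falls through to `exec /bin/ash --login`, including an unreadable or missing /etc/passwd, a missing root line, or (depending on the grep implementation) a non-zero exit caused by writing the match to the stdout that `>&-` closed. The removed code let the shell through only on a positive match of `^root:!`; keeping that direction preserves the fail-closed behaviour, e.g. `grep '^root:!' /etc/passwd >/dev/null 2>&1 || { echo "Login failed."; exit 0; }` followed by the banner. Separately, `. /etc/sysconf 2>&-` is now unguarded and runs before the FAILSAFE test. A non-interactive POSIX shell may abort when the file given to `.` cannot be read, which would also break the failsafe login; `[ -f /etc/sysconf ] && . /etc/sysconf` avoids that.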
diff --git a/target/default/target_skeleton/etc/init.d/S45firewall b/target/default/target_skeleton/etc/init.d/S45firewall
index 7b55643123..a506637255 100755
--- a/target/default/target_skeleton/etc/init.d/S45firewall
+++ b/target/default/target_skeleton/etc/init.d/S45firewall
@@ -1,7 +1,7 @@
#!/bin/sh
. /etc/functions.sh
-export WAN=$(nvram get wan_ifname)
-export LAN=$(nvram get lan_ifname)
+WAN=$(nvram get wan_ifname)
+LAN=$(nvram get lan_ifname)
## CLEAR TABLES
for T in filter nat mangle; do
@@ -17,8 +17,8 @@ iptables -t nat -N prerouting_rule
iptables -t nat -N postrouting_rule
### Port forwarding
-# iptables -t nat -A prerouting_rule -p tcp --dport 22 -j DNAT --to 192.168.1.2
-# iptables -A forwarding_rule -p tcp --dport 22 -d 192.168.1.2 -j ACCEPT
+# iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 22 -j DNAT --to 192.168.1.2
+# iptables -A forwarding_rule -i $WAN -p tcp --dport 22 -d 192.168.1.2 -j ACCEPT
### INPUT
### (connections with the router as destination)
@@ -27,12 +27,12 @@ iptables -t nat -N postrouting_rule
iptables -P INPUT DROP
iptables -A INPUT -m state --state INVALID -j DROP
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+ iptables -A INPUT -p tcp --syn --tcp-option \! 2 -j DROP
# allow
- iptables -A INPUT -i \! $WAN -j ACCEPT # allow from lan/wifi interfaces
- iptables -A INPUT -p icmp -j ACCEPT # allow ICMP
- iptables -A INPUT -p 47 -j ACCEPT # allow GRE
- iptables -A INPUT -p tcp --syn --tcp-option \! 2 -j DROP
+ iptables -A INPUT -i \! $WAN -j ACCEPT # allow from lan/wifi interfaces
+ iptables -A INPUT -p icmp -j ACCEPT # allow ICMP
+ iptables -A INPUT -p gre -j ACCEPT # allow GRE
#
# insert accept rule or to jump to new accept-check table here
#
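Review bot: The rule `iptables -A INPUT -i \! $WAN -j ACCEPT` trusts every interface other than `$WAN`, yet `$WAN` is expanded unquoted and never checked after `WAN=$(nvram get wan_ifname)` in the first hunk of this file. If that lookup returns nothing the argument disappears and the rule is most likely rejected, so LAN hosts fall under the `INPUT DROP` policy unless a later rule accepts them; if it returns a name that is not the real upstream interface, upstream traffic is accepted. Logging the condition makes the failure visible without changing the policy, e.g. `[ -n "$WAN" ] || echo "S45firewall: wan_ifname is empty" >&2` before the INPUT rules. It is also worth confirming that the target image resolves the protocol name in `-p gre`, since the numeric `-p 47` it replaces needed no lookup.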