[Berlin-wireless] Freifunk and IPv6
Patrick Grimm
patrick
Mon Nov 30 17:02:40 CET 2009
On Wednesday, 25 November 2009 18:09:10, Alina Friedrichsen wrote:
> > > Ip6tables ;-) . Yes, I know it.
> > > Has anyone already written a script for Kamikaze/uci?
> >
> > Yup.
> >
> > https://lists.openwrt.org/pipermail/openwrt-devel/2009-July/004627.html
>
> Patch in trunk?
I hope it gets in there.
Until then I have the following in /etc/firewall.user:
# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.
lan='eth0'
freifunk='eth2'
tunnelbroker='sixxs'
IP6TABLES="/usr/sbin/ip6tables"
if test -x "$IP6TABLES" ; then
    # Start from an empty FORWARD chain with a default-drop policy.
    "$IP6TABLES" -F FORWARD
    "$IP6TABLES" -P FORWARD DROP
    # Every rule below uses -I (insert at the top), so the chain is
    # evaluated in reverse order of these lines: the INVALID drop is
    # checked first, the LOG and the final DROP last.
    "$IP6TABLES" -I FORWARD -j DROP
    "$IP6TABLES" -I FORWARD -j LOG -m limit --limit 3/s --limit-burst 8 --log-prefix "FORWARD:DROP:"
    "$IP6TABLES" -I FORWARD -p icmpv6 -j ACCEPT
    # LAN may open connections through the tunnel; only replies come back.
    "$IP6TABLES" -I FORWARD -i "$lan" -o "$tunnelbroker" -m state --state ESTABLISHED,RELATED,NEW -j ACCEPT
    "$IP6TABLES" -I FORWARD -i "$tunnelbroker" -o "$lan" -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Freifunk <-> tunnel is forwarded in both directions without state matching.
    "$IP6TABLES" -I FORWARD -i "$freifunk" -o "$tunnelbroker" -j ACCEPT
    "$IP6TABLES" -I FORWARD -i "$tunnelbroker" -o "$freifunk" -j ACCEPT
    # LAN may open connections into Freifunk; only replies come back.
    "$IP6TABLES" -I FORWARD -i "$lan" -o "$freifunk" -m state --state ESTABLISHED,RELATED,NEW -j ACCEPT
    "$IP6TABLES" -I FORWARD -i "$freifunk" -o "$lan" -m state --state ESTABLISHED,RELATED -j ACCEPT
    "$IP6TABLES" -I FORWARD -m state --state INVALID -j DROP
fi
Regards
Patrick