personal_interest_mirrors/linux-router
1
0
Fork 0
mirror of https://github.com/garywill/linux-router.git synced 2025-11-09 11:54:03 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix port 67 & 5353 accept any interface connection

Browse Source
This commit is contained in:
garywill 2018-08-31 18:41:06 +08:00
parent 517a2ea695
commit a0146ce877
1 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
create_ap
View File

@ -761,14 +761,14 @@ _cleanup() {
if [[ "$SHARE_METHOD" != "bridge" ]]; then if [[ "$SHARE_METHOD" != "bridge" ]]; then
if [[ $NO_DNS -eq 0 ]]; then if [[ $NO_DNS -eq 0 ]]; then
iptables -w -D INPUT -p tcp -m tcp --dport $DNS_PORT -j ACCEPT iptables -w -D INPUT -i ${WIFI_IFACE} -p tcp -m tcp --dport $DNS_PORT -j ACCEPT
iptables -w -D INPUT -p udp -m udp --dport $DNS_PORT -j ACCEPT iptables -w -D INPUT -i ${WIFI_IFACE} -p udp -m udp --dport $DNS_PORT -j ACCEPT
iptables -w -t nat -D PREROUTING -s ${GATEWAY%.*}.0/24 -d ${GATEWAY} \ iptables -w -t nat -D PREROUTING -s ${GATEWAY%.*}.0/24 -d ${GATEWAY} \
-p tcp -m tcp --dport 53 -j REDIRECT --to-ports $DNS_PORT -p tcp -m tcp --dport 53 -j REDIRECT --to-ports $DNS_PORT
iptables -w -t nat -D PREROUTING -s ${GATEWAY%.*}.0/24 -d ${GATEWAY} \ iptables -w -t nat -D PREROUTING -s ${GATEWAY%.*}.0/24 -d ${GATEWAY} \
-p udp -m udp --dport 53 -j REDIRECT --to-ports $DNS_PORT -p udp -m udp --dport 53 -j REDIRECT --to-ports $DNS_PORT
fi fi
iptables -w -D INPUT -p udp -m udp --dport 67 -j ACCEPT iptables -w -D INPUT -i ${WIFI_IFACE} -p udp -m udp --dport 67 -j ACCEPT
fi fi
if [[ $NO_VIRT -eq 0 ]]; then if [[ $NO_VIRT -eq 0 ]]; then
@ -1801,8 +1801,8 @@ fi
if [[ "$SHARE_METHOD" != "bridge" ]]; then if [[ "$SHARE_METHOD" != "bridge" ]]; then
if [[ $NO_DNS -eq 0 ]]; then if [[ $NO_DNS -eq 0 ]]; then
DNS_PORT=5353 DNS_PORT=5353
iptables -w -I INPUT -p tcp -m tcp --dport $DNS_PORT -j ACCEPT || die iptables -w -I INPUT -i ${WIFI_IFACE} -p tcp -m tcp --dport $DNS_PORT -j ACCEPT || die
iptables -w -I INPUT -p udp -m udp --dport $DNS_PORT -j ACCEPT || die iptables -w -I INPUT -i ${WIFI_IFACE} -p udp -m udp --dport $DNS_PORT -j ACCEPT || die
iptables -w -t nat -I PREROUTING -s ${GATEWAY%.*}.0/24 -d ${GATEWAY} \ iptables -w -t nat -I PREROUTING -s ${GATEWAY%.*}.0/24 -d ${GATEWAY} \
-p tcp -m tcp --dport 53 -j REDIRECT --to-ports $DNS_PORT || die -p tcp -m tcp --dport 53 -j REDIRECT --to-ports $DNS_PORT || die
iptables -w -t nat -I PREROUTING -s ${GATEWAY%.*}.0/24 -d ${GATEWAY} \ iptables -w -t nat -I PREROUTING -s ${GATEWAY%.*}.0/24 -d ${GATEWAY} \
@ -1812,7 +1812,7 @@ if [[ "$SHARE_METHOD" != "bridge" ]]; then
fi fi
if [[ $NO_DNSMASQ -eq 0 ]]; then if [[ $NO_DNSMASQ -eq 0 ]]; then
iptables -w -I INPUT -p udp -m udp --dport 67 -j ACCEPT || die iptables -w -I INPUT -i ${WIFI_IFACE} -p udp -m udp --dport 67 -j ACCEPT || die
if which complain > /dev/null 2>&1; then if which complain > /dev/null 2>&1; then
# openSUSE's apparmor does not allow dnsmasq to read files. # openSUSE's apparmor does not allow dnsmasq to read files.