Only masquerade non routable addresses (#2535)
author
Florian Fainelli
<florian@openwrt.org>
Mon, 29 Oct 2007 10:31:16 +0000
(10:31 +0000)
committer
Florian Fainelli
<florian@openwrt.org>
Mon, 29 Oct 2007 10:31:16 +0000
(10:31 +0000)
SVN-Revision: 9460
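--- a/package/iptables/files/firewall.init
+++ b/package/iptables/files/firewall.init
@@ -105,7 +105,10 @@ start() {
 iptables -t nat -A PREROUTING -j prerouting_rule
 [ -z "$WAN" ] || iptables -t nat -A PREROUTING -i "$WAN" -j prerouting_wan
 iptables -t nat -A POSTROUTING -j postrouting_rule
- [ -z "$WAN" ] || iptables -t nat -A POSTROUTING -o $WAN -j MASQUERADE
+ ### Only RFC1918 addresses
+ [ -z "$WAN" ] || iptables -t nat -A POSTROUTING --src 192.168.0.0/16 -o $WAN -j MASQUERADE
+ [ -z "$WAN" ] || iptables -t nat -A POSTROUTING --src 172.16.0.0/12 -o $WAN -j MASQUERADE
+ [ -z "$WAN" ] || iptables -t nat -A POSTROUTING --src 10.0.0.0/8 -o $WAN -j MASQUERADE
 iptables -t nat -A NEW -m limit --limit 50 --limit-burst 100 -j RETURN && \
 iptables -t nat -A NEW -j DROP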
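Review bot: The three added MASQUERADE rules hard-code the RFC1918 ranges, so a LAN or routed subnet numbered outside them (for example 100.64.0.0/10, or a public prefix used internally) is no longer source-NATed on `$WAN`; its packets would leave with their original source address unless a rule in `postrouting_rule` covers them. The comment should state that consequence, e.g. `### Masquerade only RFC1918 sources; other internal subnets need their own rule in postrouting_rule`. Alternatively the source ranges could be taken from the configured LAN networks, if those are available at this point, which the hunk does not show. The new lines also pass `-o $WAN` unquoted while the PREROUTING line above uses `-i "$WAN"`; write `-o "$WAN"` on all three. start() begins and ends outside this hunk.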