howto start/stop/restart post-firewall

[mosoo]

Hi all,

I've got Oleg's firmware running on a wl500gp2 with the help of wengi's tutorial. it's working great but my problem is that l am constantly getting port scanned. what l want is to be able to quickly add an ip (ban it) to the post-firewall file which is running on iptables and to restart it, so the new ban rule would take place immediately. unfortunately, l found no way to restart the firewall other than to reboot the whole router, which isn't really working for me.
can anybody help please?

ps: l know that iptables running as a service can be restarted with
service iptables restart
on some linux distros, but l can't do it on this one.

[wengi]

http://www.wl500g.info/showthread.php?t=19745

wengi

[mosoo]

thank you wengi, once again. I've got some more questions which l'll post there.

[al37919]

I use the following script to restart the firewall after changes in post-firewall:

PHP Code:

#! /bin/sh

PATH=/usr/local/bin:/opt/local/bin:/opt/sbin:/opt/bin:/sbin:/bin:/usr/sbin:/usr/bin

logger -t iptables-restart Restarting firewall.

logger -t iptables Setting default policies
# chain policies
# drop everything and open stuff as necessary
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

logger -t iptables Flushing tables
iptables -F
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
iptables -F -t mangle
iptables -F -t nat
iptables -X
iptables -Z

WANIF=ppp0
LANIF=br0
MANIF=vlan1
WANIP=`ifconfig "${WANIF}" | awk -F ":" '/inet addr/{print $2}' | awk '{print $1}'`
LANIP=`ifconfig "${LANIF}" | awk -F ":" '/inet addr/{print $2}' | awk '{print $1}'`
MANIP=`ifconfig "${MANIF}" | awk -F ":" '/inet addr/{print $2}' | awk '{print $1}'`

cat /tmp/filter_rules | iptables-restore
cat /tmp/nat_rules | iptables-restore

/usr/local/sbin/post-firewall ${WANIF} ${WANIP} ${LANIF} ${LANIP} ${MANIF} ${MANIP}