Hi all,
I've got Oleg's firmware running on a wl500gp2 with the help of wengi's tutorial. It's working great, but my problem is that I am constantly getting port scanned. What I want is to be able to quickly add an IP (ban it) to the post-firewall file, which is running on iptables, and to restart it, so the new ban rule would take effect immediately. Unfortunately, I found no way to restart the firewall other than to reboot the whole router, which isn't really working for me.
Can anybody help, please?
PS: I know that iptables running as a service can be restarted with
service iptables restart
on some Linux distros, but I can't do it on this one.
Thank you wengi, once again. I've got some more questions which I'll post there.
I use the following script to restart the firewall after changes in post-firewall:
```sh
#!/bin/sh
PATH=/usr/local/bin:/opt/local/bin:/opt/sbin:/opt/bin:/sbin:/bin:/usr/sbin:/usr/bin

logger -t iptables-restart "Restarting firewall."

logger -t iptables "Setting default policies"
# chain policies
# drop everything and open stuff as necessary
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

logger -t iptables "Flushing tables"
iptables -F              # flush all chains in the filter table
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
iptables -F -t mangle
iptables -F -t nat
iptables -X              # delete user-defined chains
iptables -Z              # zero packet and byte counters

# interface names used on this router
WANIF=ppp0
LANIF=br0
MANIF=vlan1

# current IPv4 address of each interface, parsed from ifconfig
WANIP=`ifconfig "${WANIF}" | awk -F ":" '/inet addr/{print $2}' | awk '{print $1}'`
LANIP=`ifconfig "${LANIF}" | awk -F ":" '/inet addr/{print $2}' | awk '{print $1}'`
MANIP=`ifconfig "${MANIF}" | awk -F ":" '/inet addr/{print $2}' | awk '{print $1}'`

# reload the saved filter and nat rule sets from /tmp
iptables-restore < /tmp/filter_rules
iptables-restore < /tmp/nat_rules

# re-apply the custom rules; arguments are quoted so an empty address
# does not shift the ones after it
/usr/local/sbin/post-firewall "${WANIF}" "${WANIP}" "${LANIF}" "${LANIP}" "${MANIF}" "${MANIP}"
```
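Added example, not part of the posts above: a small script for the original question that bans one address in the running firewall and appends the same rule to post-firewall so it survives a restart. The rule form (`INPUT`, `DROP`), the function names, and the `POST_FW`/`IPTABLES` environment overrides are assumptions of this example; the post-firewall path is the one used in the script above.

```shell
#!/bin/sh
# Added example: ban one IPv4 address now and persist the rule.
# Assumed defaults; override POST_FW / IPTABLES from the environment.
POST_FW="${POST_FW:-/usr/local/sbin/post-firewall}"
IPTABLES="${IPTABLES:-iptables}"

# Return 0 only for a dotted-quad IPv4 address with each octet in 0..255.
# Rejecting everything else keeps shell metacharacters out of post-firewall.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots into $1..$n
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Ban $1. Returns 0 on success, 1 on bad input, 2 if the rule is already
# in post-firewall, 3 if iptables refused the rule (nothing is persisted).
ban_ip() {
    ip=$1
    valid_ipv4 "$ip" || { echo "not an IPv4 address: $ip" >&2; return 1; }
    rule="INPUT -s $ip -j DROP"
    if grep -qF -- "iptables -I $rule" "$POST_FW" 2>/dev/null; then
        return 2
    fi
    # Apply to the running firewall first; $rule is split into words on purpose.
    "$IPTABLES" -I $rule || return 3
    # Persist, so the next firewall restart or reboot re-creates the ban.
    echo "iptables -I $rule" >> "$POST_FW"
    logger -t ban-ip "Banned $ip" 2>/dev/null || true
}

# Usage: ban-ip.sh 203.0.113.7   (address is a constructed sample)
if [ "$#" -gt 0 ]; then
    ban_ip "$1"
fi
```

`-I` places the rule at the top of `INPUT`, so it is matched before any `ACCEPT` rule already in the chain. Traffic to forwarded ports traverses `FORWARD` rather than `INPUT` and would need a matching rule there.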