bugfix: Tunnel Firewall: Accept SNMP and default to block on input chain instead of accept

2016-01-21 20:39:59 -08:00 · 2016-01-21 20:39:59 -08:00 · 29ba1c0419
parent 0f837d601a
commit 29ba1c0419
1 changed files with 2 additions and 1 deletions
--- a/files/etc/local/mesh-firewall/01-tunnels
+++ b/files/etc/local/mesh-firewall/01-tunnels
@ -63,13 +63,14 @@ if [ $rules_exist -eq 0  ] ; then
        iptables -A zone_vpn_input -p tcp -m tcp --dport 1978 -j ACCEPT
        iptables -A zone_vpn_input -p tcp -m tcp --dport 23 -j ACCEPT
        iptables -A zone_vpn_input -p tcp -m tcp --dport 9090 -j ACCEPT
+        iptables -A zone_vpn_input -p udp -m udp --dport 161 -j ACCEPT
+        iptables -A zone_vpn_input -j zone_vpn_REJECT
        iptables -I zone_vpn_forward 1 -j zone_vpn_ACCEPT
 	if [ "$MESHFW_MESHGW" -eq 1 ] ; then
        	iptables -I zone_vpn_forward -j zone_wan_dest_ACCEPT
 	else
        	iptables -I zone_vpn_forward -j zone_wan_dest_REJECT
 	fi
-        iptables -A zone_vpn_input -j zone_vpn_ACCEPT
        iptables -A zone_vpn_ACCEPT -o tun+ -j ACCEPT
        iptables -A zone_vpn_ACCEPT -i tun+ -j ACCEPT
        iptables -A zone_vpn_DROP -o tun+ -j DROP