Timestamp:
01/06/05 09:44:41 (8 years ago)
Author:
aprilp
Message:

* fw_iptables.c: Changed REJECT to DROP for the end of the table Unknown,

REJECT doesn't seem to be available in the NAT table.

* fw_iptables.c: Indented things
* fw_iptables.c Fix: Created the authservers table at the beginning and destroy

at exit time only, to avoid recreating it every time

Files:
1 modified

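--- a/trunk/wifidog/src/fw_iptables.c
+++ b/trunk/wifidog/src/fw_iptables.c
@@ -161,13 +161,10 @@
     LOCK_CONFIG();
 
-    iptables_do_command("-t nat -N " TABLE_WIFIDOG_AUTHSERVERS);
-    for (auth_server = config->auth_servers; auth_server != NULL;
-                    auth_server = auth_server->next) {
-        if (auth_server->last_ip == NULL ||
-                          strcmp(auth_server->last_ip, "0.0.0.0") == 0) {
-            iptables_do_command("-t nat -A " TABLE_WIFIDOG_AUTHSERVERS " -d %s -j ACCEPT", auth_server->authserv_hostname);
-        } else {
-            iptables_do_command("-t nat -A " TABLE_WIFIDOG_AUTHSERVERS " -d %s -j ACCEPT", auth_server->last_ip);
-        }
+    for (auth_server = config->auth_servers; auth_server != NULL; auth_server = auth_server->next) {
+            if (auth_server->last_ip == NULL || strcmp(auth_server->last_ip, "0.0.0.0") == 0) {
+                iptables_do_command("-t nat -A " TABLE_WIFIDOG_AUTHSERVERS " -d %s -j ACCEPT", auth_server->authserv_hostname);
+            } else {
+                iptables_do_command("-t nat -A " TABLE_WIFIDOG_AUTHSERVERS " -d %s -j ACCEPT", auth_server->last_ip);
+            }
     }
 
@@ -185,4 +182,8 @@
     fw_quiet = 0;
 
+    /* Create authservers table here instead of in iptables_fw_set_authservers
+     * so we only have to flush it and not destroy/create every time */
+    iptables_do_command("-t nat -N " TABLE_WIFIDOG_AUTHSERVERS);
+
     iptables_fw_set_authservers();
 
@@ -211,11 +212,12 @@
     iptables_load_ruleset("unknown-users", TABLE_WIFIDOG_UNKNOWN);
     LOCK_CONFIG();
+
     /* XXX If there's a rule in global for port 80, it overrides this. */
     iptables_do_command("-t nat -A " TABLE_WIFIDOG_UNKNOWN " -p tcp --dport 80 -j REDIRECT --to-ports %d", config->gw_port);
     UNLOCK_CONFIG();
-    iptables_do_command("-t nat -A " TABLE_WIFIDOG_UNKNOWN " -j REJECT");
+    iptables_do_command("-t nat -A " TABLE_WIFIDOG_UNKNOWN " -j DROP");
 
     iptables_do_command("-t nat -N " TABLE_WIFIDOG_KNOWN);
-    /** Insert global rules BEFORE the "defaults" */
+    /* Insert global rules BEFORE the "defaults" */
     iptables_load_ruleset("global", TABLE_WIFIDOG_KNOWN);
     iptables_load_ruleset("known-users", TABLE_WIFIDOG_KNOWN);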
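Review bot: The terminal `-j DROP` appended to TABLE_WIFIDOG_UNKNOWN is the only deny for unauthenticated clients visible here, and it lives in the nat table, which is consulted only for the first packet of each tracked connection and is not meant for filtering; later iptables releases refuse DROP in nat altogether. Because the result of iptables_do_command is not checked at this call, a refused rule would leave the chain ending after the port-80 REDIRECT with no deny at all. It would be safer to keep nat for the REDIRECT and enforce the default deny in the filter table, where REJECT is also available, for example `iptables_do_command("-t filter -A " TABLE_WIFIDOG_UNKNOWN " -j REJECT");`, assuming a matching chain is created in that table (whether one already exists is not visible in this section). The enclosing function starts and ends outside the hunk.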