Changeset 965
- Timestamp:
- 02/23/06 11:29:06 (3 years ago)
- Files:
-
- trunk/wifidog/src/fw_iptables.c (modified) (3 diffs)
- trunk/wifidog/src/util.c (modified) (1 diff)
trunk/wifidog/src/fw_iptables.c
r964 r965 188 188 char * gw_interface = NULL; 189 189 char * gw_address = NULL; 190 char * ext_interface = NULL; 190 191 int gw_port = 0; 191 192 t_trusted_mac *p; … … 198 199 gw_address = safe_strdup(config->gw_address); 199 200 gw_port = config->gw_port; 201 if (config->external_interface) { 202 ext_interface = safe_strdup(config->external_interface); 203 } else { 204 ext_interface = get_ext_iface(); 205 } 200 206 UNLOCK_CONFIG(); 201 207 … … 272 278 iptables_do_command("-t filter -A FORWARD -m state --state INVALID -j DROP"); 273 279 iptables_do_command("-t filter -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT"); 274 iptables_do_command("-t filter -A FORWARD -i %s -m state --state NEW,INVALID -j DROP", gw_interface); 275 iptables_do_command("-t filter -A FORWARD -o %s -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu", gw_interface); 280 if (ext_interface != NULL) { 281 iptables_do_command("-t filter -A FORWARD -i %s -m state --state NEW,INVALID -j DROP", gw_interface); 282 iptables_do_command("-t filter -A FORWARD -o %s -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu", gw_interface); 283 } else { 284 /* Will this work even if we don't specify an external interface? */ 285 iptables_do_command("-t filter -A FORWARD -m state --state NEW,INVALID -j DROP"); 286 iptables_do_command("-t filter -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu"); 287 } 276 288 277 289 iptables_do_command("-t filter -A " TABLE_WIFIDOG_WIFI_TO_INTERNET " -j " TABLE_WIFIDOG_AUTHSERVERS); trunk/wifidog/src/util.c
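Review bot: In the `ext_interface != NULL` branch both rules still format `gw_interface`, so the newly resolved `ext_interface` is only tested for NULL and never reaches an iptables rule. If the intent is to scope these rules to the external side, pass it instead, e.g. `iptables_do_command("-t filter -A FORWARD -i %s -m state --state NEW,INVALID -j DROP", ext_interface);`, and likewise for the `-o %s` TCPMSS rule. The `else` branch drops NEW and INVALID packets on FORWARD for every interface; depending on where the jump to the WiFiDog chains sits (not visible here), that could block new client connections, so the question in the code comment should be answered before relying on this fallback. `ext_interface` comes from `safe_strdup()` (and presumably an allocation in `get_ext_iface()`), so it needs a `free()` alongside the other locals; the function starts and ends outside the shown hunks, so that may already exist.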
r964 r965 217 217 } 218 218 219 char *get_ gw_iface (void) {219 char *get_ext_iface (void) { 220 220 #ifdef __linux__ 221 221 FILE *input;
