Tripp Lite 93-2879 Server User Manual

B096-016 B096-048 and B092-016 User Manual Page 175
Customizing the IP-Filter:
/etc/config/filter-custom
If the standard system firewall configuration is not adequate for your needs, it can be bypassed
safely by creating a file at /etc/config/filter-custom containing the commands that build a
specialized firewall. This firewall script is run whenever the LAN interface is brought up
(including initially) and overrides any automated system firewall settings.
Below is a simple example of a custom script which creates a firewall using the iptables
command. Only incoming connections from computers on the class C network 192.168.10.0/24 will
be accepted when this script is installed at /etc/config/filter-custom. Note that when this script
is called, any preexisting chains and rules have already been flushed from iptables, so the script
must build the complete rule set itself; with a default INPUT policy of DROP, a mistake in the
script can lock you out of network access to the unit, so check the rules before installing them:
#!/bin/sh
# Set default policies to drop any incoming or routable traffic
# and blindly accept anything from the 192.168.10.0 network.
iptables --policy FORWARD DROP
iptables --policy INPUT DROP
iptables --policy OUTPUT ACCEPT
# Loopback traffic must be accepted explicitly under a DROP policy,
# otherwise local services that connect to themselves stop working.
iptables --append INPUT --in-interface lo --jump ACCEPT
# Allow responses to outbound connections back in.
iptables --append INPUT \
    --match state --state ESTABLISHED,RELATED --jump ACCEPT
# Explicitly accept any connections from computers on
# 192.168.10.0/24
iptables --append INPUT --source 192.168.10.0/24 --jump ACCEPT
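The manual's script accepts every port from the trusted subnet. The following is an added example, not the manual's own code, of a stricter /etc/config/filter-custom that admits only new SSH and HTTPS connections from one management subnet, keeps loopback and reply traffic working, and logs what it drops at a bounded rate. The subnet 192.168.10.0/24, the ports 22 and 443 and the variable names ADMIN_NET, MGMT_TCP and IPTABLES are assumptions for this example. Run as a non-root user (for review on a workstation) it prints the iptables commands instead of applying them.

```sh
#!/bin/sh
# Added example, not the Tripp Lite manual's script: a stricter /etc/config/filter-custom.
# Assumptions: management is done over SSH (22) and HTTPS (443) from a single admin
# subnet; ADMIN_NET, MGMT_TCP and IPTABLES are names invented for this example.
# Like the manual's script it runs each time the LAN interface comes up, after the
# system has flushed the existing rules.

IPTABLES="${IPTABLES:-iptables}"
ADMIN_NET="${ADMIN_NET:-192.168.10.0/24}"   # assumed management subnet
MGMT_TCP="${MGMT_TCP:-22 443}"              # assumed management ports (space separated)

# apply_rules NET "PORT ..." : install a default-deny INPUT policy that admits only
# new TCP connections to the given ports from NET, plus loopback and reply traffic.
apply_rules() {
    net="$1"
    ports="$2"
    # Flush again so the script is safe to re-run by hand (no duplicated rules).
    $IPTABLES --flush
    $IPTABLES --policy INPUT DROP
    $IPTABLES --policy FORWARD DROP
    $IPTABLES --policy OUTPUT ACCEPT
    # Loopback must be allowed explicitly: under a DROP policy, local services
    # that talk to themselves otherwise fail.
    $IPTABLES --append INPUT --in-interface lo --jump ACCEPT
    # Replies to connections the console server itself initiated (DNS, NTP, syslog).
    $IPTABLES --append INPUT --match state --state ESTABLISHED,RELATED --jump ACCEPT
    # Management ports: new connections only, and only from the admin subnet.
    for p in $ports; do
        $IPTABLES --append INPUT --protocol tcp --source "$net" --dport "$p" \
            --match state --state NEW --jump ACCEPT
    done
    # Everything else: log at a bounded rate (so a port scan cannot flood the log), then drop.
    $IPTABLES --append INPUT --match limit --limit 5/minute \
        --jump LOG --log-prefix "filter-custom drop: "
    $IPTABLES --append INPUT --jump DROP
}

# show_rules NET "PORT ..." : print the iptables commands instead of running them,
# for review before the script is installed on the device.
show_rules() {
    ( IPTABLES=echo; apply_rules "$@" )
}

# rule_count NET "PORT ..." : number of INPUT rules the script would install.
rule_count() {
    show_rules "$@" | grep -c -- '--append INPUT'
}

if [ "$(id -u)" -ne 0 ]; then
    # Not root (e.g. reviewing the script on a workstation): dry run only.
    IPTABLES=echo
fi
apply_rules "$ADMIN_NET" "$MGMT_TCP"
```

The LOG rule sits before the final DROP on purpose: packets that exceed the limit fall through to DROP anyway, so logging is only ever a bounded cost. Review the dry-run output with `sh filter-custom` as an ordinary user before copying the file to /etc/config/filter-custom; once installed, the rules are applied the next time the LAN interface comes up.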
Good documentation about using the iptables command can be found on the Linux netfilter
website: http://netfilter.org/documentation/index.html