create_ap

create a nat-ed wifi ap

commit 4d7a9c372b5f8a26e9b7727f93ec00dfe1f91be6
parent 3d5849e6a4bf158f8e1032d2da3be7b130be7804
Author: oblique <psyberbits@gmail.com>
Date:   Fri, 29 Nov 2013 23:07:26 +0200

Make the 'none' Internet sharing mode work with UFW

Diffstat:
Mcreate_ap | 20++++++++++----------
1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/create_ap b/create_ap
@@ -8,10 +8,7 @@
 # iw
 # haveged (optional)
-# dependencies for 'none' Internet sharing method
-# dnsmasq
-
-# dependencies for 'nat' Internet sharing method
+# dependencies for 'nat' or 'none' Internet sharing method
 # dnsmasq
 # iptables
@@ -122,9 +119,6 @@ cleanup() {
 iptables -t nat -D POSTROUTING -o ${INTERNET_IFACE} -j MASQUERADE
 iptables -D FORWARD -i ${VWIFI_IFACE} -s ${GATEWAY%.*}.0/24 -j ACCEPT
 iptables -D FORWARD -i ${INTERNET_IFACE} -d ${GATEWAY%.*}.0/24 -j ACCEPT
- iptables -D INPUT -p tcp -m tcp --dport 53 -j ACCEPT
- iptables -D INPUT -p udp -m udp --dport 53 -j ACCEPT
- iptables -D INPUT -p udp -m udp --dport 67 -j ACCEPT
 echo $OLD_IP_FORWARD > /proc/sys/net/ipv4/ip_forward
 elif [[ "$SHARE_METHOD" == "bridge" ]]; then
 ip link set down $BRIDGE_IFACE
@@ -132,6 +126,12 @@ cleanup() {
 fi
 fi
+ if [[ "$SHARE_METHOD" != "bridge" ]]; then
+ iptables -D INPUT -p tcp -m tcp --dport 53 -j ACCEPT
+ iptables -D INPUT -p udp -m udp --dport 53 -j ACCEPT
+ iptables -D INPUT -p udp -m udp --dport 67 -j ACCEPT
+ fi
+
 ip link set down dev ${VWIFI_IFACE}
 ip addr flush ${VWIFI_IFACE}
 networkmanager_rm_unmanaged ${VWIFI_IFACE}
@@ -346,9 +346,6 @@ if [[ "$SHARE_METHOD" != "none" ]]; then
 iptables -t nat -I POSTROUTING -o ${INTERNET_IFACE} -j MASQUERADE || die
 iptables -I FORWARD -i ${VWIFI_IFACE} -s ${GATEWAY%.*}.0/24 -j ACCEPT || die
 iptables -I FORWARD -i ${INTERNET_IFACE} -d ${GATEWAY%.*}.0/24 -j ACCEPT || die
- iptables -I INPUT -p tcp -m tcp --dport 53 -j ACCEPT || die
- iptables -I INPUT -p udp -m udp --dport 53 -j ACCEPT || die
- iptables -I INPUT -p udp -m udp --dport 67 -j ACCEPT || die
 echo 1 > /proc/sys/net/ipv4/ip_forward || die
 elif [[ "$SHARE_METHOD" == "bridge" ]]; then
 brctl addbr ${BRIDGE_IFACE} || die
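Review bot: The three INPUT ACCEPT rules that this commit moves into the `SHARE_METHOD != "bridge"` branch (deleted here in cleanup at @@ -132,6 +126,12 @@, inserted at @@ -368,6 +365,9 @@) match only on port, not on interface, so with `-I INPUT` they sit ahead of whatever UFW installs and open dnsmasq's DNS and DHCP ports on `${INTERNET_IFACE}` as well as on the AP interface. The FORWARD rules in the same file already scope with `-i ${VWIFI_IFACE}`; the INPUT rules should do the same, e.g. `iptables -I INPUT -i ${VWIFI_IFACE} -p tcp -m tcp --dport 53 -j ACCEPT || die` and the matching `-i ${VWIFI_IFACE}` on the two udp insertions, with the three `-D` lines in this cleanup hunk carrying the identical match so the deletions find the rules. Whether the dnsmasq config in `$CONFDIR/dnsmasq.conf` binds dnsmasq to the AP interface is not visible in this diff, so the firewall rule is presumably the only thing limiting exposure under UFW. The `cleanup()` function and the setup block both extend beyond these hunks.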
@@ -368,6 +365,9 @@ fi
 # start dns + dhcp server
 if [[ "$SHARE_METHOD" != "bridge" ]]; then
+ iptables -I INPUT -p tcp -m tcp --dport 53 -j ACCEPT || die
+ iptables -I INPUT -p udp -m udp --dport 53 -j ACCEPT || die
+ iptables -I INPUT -p udp -m udp --dport 67 -j ACCEPT || die
 dnsmasq -C $CONFDIR/dnsmasq.conf -x $CONFDIR/dnsmasq.pid || die
 fi