authormbm <mbm@3c298f89-4303-0410-b956-a3cf2f4a3e73>2005-05-13 13:49:48 +0000
committermbm <mbm@3c298f89-4303-0410-b956-a3cf2f4a3e73>2005-05-13 13:49:48 +0000
commitdd755e947f8ae1e657dfa6c16b7756d78074e013 (patch)
tree331ed1426f71df4db72528e8d4380070a77345d7 /target/default/target_skeleton/etc/init.d
parent9867fb333816f75d481c53cd71f2acdb0c0a0291 (diff)
cleanup login script, change firewall example
git-svn-id: svn://svn.openwrt.org/openwrt/trunk/openwrt@881 3c298f89-4303-0410-b956-a3cf2f4a3e73
Diffstat (limited to 'target/default/target_skeleton/etc/init.d')
-rwxr-xr-xtarget/default/target_skeleton/etc/init.d/S45firewall16
1 files changed, 8 insertions, 8 deletions
diff --git a/target/default/target_skeleton/etc/init.d/S45firewall b/target/default/target_skeleton/etc/init.d/S45firewall
index 7b5564312..a50663725 100755
--- a/target/default/target_skeleton/etc/init.d/S45firewall
+++ b/target/default/target_skeleton/etc/init.d/S45firewall
@@ -1,7 +1,7 @@
#!/bin/sh
. /etc/functions.sh
-export WAN=$(nvram get wan_ifname)
-export LAN=$(nvram get lan_ifname)
+WAN=$(nvram get wan_ifname)
+LAN=$(nvram get lan_ifname)
## CLEAR TABLES
for T in filter nat mangle; do
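Review bot: `WAN` and `LAN` are taken straight from `nvram get` with no check that a value came back, and the new side expands `$WAN` unquoted everywhere it is used (the `-i $WAN` port-forwarding examples in the second hunk and `-i \! $WAN` in the INPUT hunk). If `wan_ifname` is unset the word disappears from the command line, so iptables will most likely reject the rule or take the next option as the interface name; with `-P INPUT DROP` already set, a failed LAN accept rule leaves the router unreachable from the LAN. I would add a guard right after the assignments, for example `[ -n "$WAN" ] || echo "S45firewall: wan_ifname is empty" >&2`, decide deliberately whether the script should stop or continue in that case, and write the expansions as `"$WAN"`. Dropping `export` also means child processes no longer inherit these names; nothing visible in these hunks needs them, but anything the script launches further down should be checked.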
@@ -17,8 +17,8 @@ iptables -t nat -N prerouting_rule
iptables -t nat -N postrouting_rule
### Port forwarding
-# iptables -t nat -A prerouting_rule -p tcp --dport 22 -j DNAT --to 192.168.1.2
-# iptables -A forwarding_rule -p tcp --dport 22 -d 192.168.1.2 -j ACCEPT
+# iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 22 -j DNAT --to 192.168.1.2
+# iptables -A forwarding_rule -i $WAN -p tcp --dport 22 -d 192.168.1.2 -j ACCEPT
### INPUT
### (connections with the router as destination)
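Review bot: The updated port-forwarding example still opens port 22 on 192.168.1.2 to every source address on the WAN side, and nothing in the comment warns a user who uncomments it. Scoping the rules with `-i $WAN` is an improvement, but I would add a line above the example such as `# add -s <trusted_source> to both rules to limit who can reach the forwarded port`. The two rules also have to stay in step (same port and destination), which is worth stating in the same comment.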
@@ -27,12 +27,12 @@ iptables -t nat -N postrouting_rule
iptables -P INPUT DROP
iptables -A INPUT -m state --state INVALID -j DROP
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+ iptables -A INPUT -p tcp --syn --tcp-option \! 2 -j DROP
# allow
- iptables -A INPUT -i \! $WAN -j ACCEPT # allow from lan/wifi interfaces
- iptables -A INPUT -p icmp -j ACCEPT # allow ICMP
- iptables -A INPUT -p 47 -j ACCEPT # allow GRE
- iptables -A INPUT -p tcp --syn --tcp-option \! 2 -j DROP
+ iptables -A INPUT -i \! $WAN -j ACCEPT # allow from lan/wifi interfaces
+ iptables -A INPUT -p icmp -j ACCEPT # allow ICMP
+ iptables -A INPUT -p gre -j ACCEPT # allow GRE
#
# insert accept rule or to jump to new accept-check table here
#
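Review bot: The relocated `--syn --tcp-option \! 2 -j DROP` rule now sits above `-i \! $WAN -j ACCEPT`, so it applies to LAN and wifi clients as well as the WAN, and it carries no comment saying what it matches. I would add one on that line, for example `# drop SYNs without an MSS option (TCP option 2)`, and state that it is meant to cover every interface if that is the intent. Separately, `-p gre` replaces the numeric `-p 47`; a protocol name has to be resolved when the rule is loaded, presumably through `/etc/protocols`, so confirm the target image ships a `gre` entry or the rule will fail to load. The INPUT section continues past the end of this hunk.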