Differences
This shows you the differences between two versions of the page.
| Next revision | Previous revision Next revision Both sides next revision | ||
|
project:omnia:firewall [2017/04/04 19:52] embargo created: UCI forwarding |
project:omnia:firewall [2017/04/04 20:18] embargo [UCI forwarding] example config script |
||
|---|---|---|---|
| Line 3: | Line 3: | ||
| ==== UCI forwarding ==== | ==== UCI forwarding ==== | ||
| <code> | <code> | ||
| - | firewall.cfg3b3837=redirect | + | uci add firewall redirect |
| - | firewall.cfg3b3837.dest=dmz_pub | + | uci set firewall.@redirect[].dest=dmz_pub |
| - | firewall.cfg3b3837.dest_ip=172.16.10.20 | + | uci set firewall.@redirect[].dest_ip=172.16.10.20 |
| - | firewall.cfg3b3837.dest_port=22 | + | uci set firewall.@redirect[].dest_port=22 |
| - | firewall.cfg3b3837.enabled=1 | + | uci set firewall.@redirect[].enabled=1 |
| - | firewall.cfg3b3837.name=test1 | + | uci set firewall.@redirect[].name=test1 |
| - | firewall.cfg3b3837.proto=tcp | + | uci set firewall.@redirect[].proto=tcp |
| - | firewall.cfg3b3837.src=wan | + | uci set firewall.@redirect[].src=wan |
| - | firewall.cfg3b3837.src_dport=2222 | + | uci set firewall.@redirect[].src_dport=2222 |
| - | firewall.cfg3b3837.target=DNAT | + | uci set firewall.@redirect[].target=DNAT |
| + | uci commit firewall | ||
| + | </code> | ||
| - | --------------------------------------------------------------- | + | ==== UCI firewalling ==== |
| + | <code> | ||
| + | irewall.@rule[10]=rule | ||
| + | firewall.@rule[10].target='ACCEPT' | ||
| + | firewall.@rule[10].name='VPN' | ||
| + | firewall.@rule[10].src='lan' | ||
| + | firewall.@rule[10].src_ip='10.14.23.0/24' | ||
| + | firewall.@rule[10].proto='all' | ||
| - | firewall.@redirect[0]=redirect | + | config rule |
| - | firewall.@redirect[0].enabled='1' | + | option target 'ACCEPT' |
| - | firewall.@redirect[0].target='DNAT' | + | option name 'VPN' |
| - | firewall.@redirect[0].src='wan' | + | option src 'lan' |
| - | firewall.@redirect[0].dest='dmz_pub' | + | option src_ip '10.14.23.0/24' |
| - | firewall.@redirect[0].proto='tcp' | + | option proto 'all' |
| - | firewall.@redirect[0].src_dport='2222' | + | |
| - | firewall.@redirect[0].dest_ip='172.16.10.20' | + | |
| - | firewall.@redirect[0].dest_port='22' | + | |
| - | firewall.@redirect[0].name='test1' | + | |
| - | + | ||
| - | -------------------------------------------------------------- | + | |
| - | + | ||
| - | config redirect | + | |
| - | option target 'DNAT' | + | |
| - | option src 'wan' | + | |
| - | option dest 'dmz_pub' | + | |
| - | option proto 'tcp' | + | |
| - | option src_dport '2222' | + | |
| - | option dest_ip '172.16.10.20' | + | |
| - | option dest_port '22' | + | |
| - | option name 'test1' | + | |
| </code> | </code> | ||