[SCM] debian-live/config-webc branch, master, updated. eb1f396a199d4bd1eda4739366f40a1edec644ee

Kai Hendry hendry at iki.fi
Sun Apr 19 19:05:34 UTC 2009 

The following commit has been merged in the master branch:
commit eb1f396a199d4bd1eda4739366f40a1edec644ee
Author: Kai Hendry <hendry at iki.fi>
Date:   Sun Apr 19 21:10:03 2009 +0200

    Webconverger has a firewall :-)

diff --git a/webconverger/config/chroot_local-includes/etc/iptables.conf b/webconverger/config/chroot_local-includes/etc/iptables.conf
new file mode 100644
index 0000000..0ee7a52
--- /dev/null
+++ b/webconverger/config/chroot_local-includes/etc/iptables.conf
@@ -0,0 +1,9 @@
+#!/usr/bin/env iptables-restore
+*filter
+:FORWARD DROP [0:0]
+:INPUT DROP [0:0]
+:OUTPUT ACCEPT [0:0]
+-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+-A INPUT -m udp -p udp --dport 631 -j ACCEPT
+COMMIT
diff --git a/webconverger/config/chroot_local-includes/etc/network/interfaces b/webconverger/config/chroot_local-includes/etc/network/interfaces
index 3659b31..3cc5b33 100644
--- a/webconverger/config/chroot_local-includes/etc/network/interfaces
+++ b/webconverger/config/chroot_local-includes/etc/network/interfaces
@@ -8,12 +8,15 @@ iface lo inet loopback
 # The primary network interface
 allow-hotplug eth0
 iface eth0 inet dhcp
+	pre-up iptables-restore < /etc/iptables.conf
 
 # The wireless network interface (dhcp)
 iface wlan0 inet dhcp
+	pre-up iptables-restore < /etc/iptables.conf
     wpa-driver wext
     wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
 
 iface eth1 inet dhcp
+	pre-up iptables-restore < /etc/iptables.conf
     wpa-driver wext
     wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
diff --git a/webconverger/scripts/config b/webconverger/scripts/config
index e9fe64c..c60fb70 100755
--- a/webconverger/scripts/config
+++ b/webconverger/scripts/config
@@ -5,7 +5,7 @@ MIRROR_SECURITY="http://ftp.de.debian.org/debian-security/"
 
 lh_config noautoconfig \
 	--apt-recommends disabled \
-	--bootappend-live "quiet homepage=http://portal.webconverger.com/ nonetworking nosudo splash firewall" \
+	--bootappend-live "quiet homepage=http://portal.webconverger.com/ nonetworking nosudo splash" \
 	--debian-installer live \
 	--debian-installer-distribution lenny \
 	--cache-stages "bootstrap rootfs" \

-- 
debian-live/config-webc

More information about the debian-live-changes mailing list