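#!/bin/sh -e
# Firewall hook for the "robinson" fake network.
#
# Depending on the inetable state (handled elsewhere), the two nat chains
# created here are filled with rules that either redirect all TCP traffic to
# a local web server or relay all traffic to its intended target:
# - prerouting_robinson_fake: traffic destined to the fake net
# - prerouting_robinson_inet: traffic destined to anything outside the
#   robinson net
# This file only creates the chains, the jumps into them and a fail-closed
# REJECT for fake-net traffic that no nat rule handled.

# Re-assert -e here: an option given on the shebang line is lost when the
# file is run as `sh /etc/firewall.user`, which is how firewall includes are
# commonly executed.
set -e

# Both networks come from uci. An empty value would make iptables take the
# following word (`-j`) as the address and fail with a cryptic parse error,
# so check explicitly and abort with a clear message instead.
net_robinson=$(uci get cloud.cur.net_robinson)
net_fake=$(uci get cloud.cur.net_fake)
: "${net_robinson:?uci option cloud.cur.net_robinson is empty}"
: "${net_fake:?uci option cloud.cur.net_fake is empty}"

# NOTE(review): `-N` fails if the chain already exists, which under -e aborts
# the script before any jump is installed. This assumes the firewall flushes
# the nat table before running this include -- confirm for the deployed
# firewall version.
iptables -t nat -N prerouting_robinson_inet
iptables -t nat -N prerouting_robinson_fake

# Both jumps are inserted at the head of PREROUTING, so the second insert
# (fake net) ends up in front of the first (everything outside the robinson
# net). Only traffic arriving on the mesh bridge is diverted.
iptables -t nat -I PREROUTING -i br-mesh ! -d "$net_robinson" \
    -j prerouting_robinson_inet
iptables -t nat -I PREROUTING -i br-mesh   -d "$net_fake" \
    -j prerouting_robinson_fake

# Fail closed: reject every forwarded packet, from any interface, that is
# still addressed to the fake net when it reaches the filter table, i.e. that
# was not caught by a nat rule in the preceding chains.
iptables -t filter -I forward -d "$net_fake" \
    -j REJECT --reject-with icmp-net-unreachable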