milibit.blogg.se

Ddwrt firewall builder kevin workaround

  • Number of connection attempts: "SYN" attacks, packet storms.
  • Number of connections per (src/dst) IP address.
  • A stateful firewall can additionally moderate trackable traffic by:

    The better IP firewall - a stateful firewall - can pass packet by packet - and if possible (e.g.

    Here are the current switches.

    The simplest IP firewall - a packet filter firewall - can pass packet by packet or drop them based on:

    Instead of typing the entire ssh script, how can I call a script for the iptables commands? How can I change the default switch to “on”? When HA starts the switch default is set to “off”.


    Instead of retyping the MAC address to users, can I create a runtime data array of MAC addresses? Running the script using the runtime variables would simplify the management of clients and the scripts. I want to take the script to the next levels:


    The workaround is to use iptables -I to insert all rules, so the HA script will toggle the preexisting rules with REJECT or ACCEPT. If there are no rules the switch will not work. NOTE: the iptables -R switch replaces existing rules.

    This allows you to execute commands on the router by doing ssh command. Once you have done the key exchange, HASS will be able to log into the router without a password. I don’t use DD-WRT, so I can’t help with the specifics of that. This would normally be done by a shared-key exchange. In order for this to work, however, you will need to authenticate the connection. What you probably mean to do is have HASS shell into your router to execute the commands.

    command_on: "ssh iptables -R grp_10 1 -p tcp -m mac --mac-source E0:C7:AA:ZZ:YY:XX -j ACCEPT & iptables -R grp_10 2 -p tcp -m mac --mac-source E0:C7:AA:ZZ:YY:XX -j ACCEPT"

    (and my apologies if you realized this, and I misunderstood!) Unless you have a script on your machine with that name, that is why your switch is failing. So your switch as is will try to run a program called “COMMAND LINE”, then it will wait for it to exit (that is what the & does), and then run the iptables commands on your local machine.

    Thanks. Is the “COMMAND LINE &” in your switch a placeholder for something else? In a command line switch, anything in the quotes on the command_on and command_off line gets executed.


    My switches.yaml file so far looks like this:

    Switches
    command_off: "COMMAND LINE & iptables -R grp_10 1 -p tcp -m mac --mac-source E0:C7:AA:ZZ:YY:XX -j REJECT & iptables -R grp_10 2 -p tcp -m mac --mac-source E0:C7:AA:ZZ:YY:XX -j REJECT"
    command_on: "COMMAND LINE & iptables -R grp_10 1 -p tcp -m mac --mac-source E0:C7:AA:ZZ:YY:XX -j ACCEPT & iptables -R grp_10 2 -p tcp -m mac --mac-source E0:C7:AA:ZZ:YY:XX -j ACCEPT"

    Can you perhaps point me to sample code that I could use for this project? Any other suggestions will be appreciated.

    iptables -R grp_10 2 -p tcp -m mac --mac-source E0:C7:AA:ZZ:YY:XX -j ACCEPT
    iptables -R grp_10 1 -p tcp -m mac --mac-source E0:C7:AA:ZZ:YY:XX -j ACCEPT
    iptables -R grp_10 2 -p tcp -m mac --mac-source E0:C7:AA:ZZ:YY:XX -j REJECT
    iptables -R grp_10 1 -p tcp -m mac --mac-source E0:C7:AA:ZZ:YY:XX -j REJECT

    The scripts below are working when I am logged on to the router as root over SSH and Telnet sessions. In concept, the router firewall rules will reject or accept traffic from a specific MAC address.


    What I can’t find is a sample of the command line syntax to send the commands to the router over ssh, telnet or perhaps another protocol.


    At this time the HA is running, and I have a switch set for sending commands. This is to enable “privilege access” to the internet. I want to use HA to control the internet access with a simple flick of a switch.











