OpenWrt, limit the access to the internet
Posted: September 3rd, 2009 | Author: paul | Filed under: howto, linux | Tags: firewall, hardware, howto, iptables, linux, openwrt, WRT54GL
I just tried a Linksys WRT54GL. It’s nice, but what if you have to add hotspot services on it?
I have installed Coova for fun.
A common scenario is anonymous clients connecting to it with all kinds of systems, all kinds of software and, of course, viruses and trojans.
So, just to be prepared, you want to allow access only to a few ports: 80 (http), 443 (https), 5222 (jabber), 5050 (yahoo messenger), 1863 (MSN), etc.
All you have to do is add the following two lines to /etc/firewall.user, below the “Allow SSH on the WAN interface” section:
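# The multiport match needs a protocol, so -p tcp is given: forward only these TCP destination ports from br0
iptables -A forwarding_rule -i br0 -p tcp -m multiport --dports 80,443,5222,5050,1863 -j ACCEPT
# Drop everything else that arrives on br0 and would be forwarded
iptables -A forwarding_rule -i br0 -j DROP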
Now restart the firewall:
/etc/init.d/S35firewall restart
Test.
That’s all.
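As the port list grows (the "etc." above), two things are easy to get wrong: the multiport match accepts at most 15 ports per rule, and the DROP rule must stay last. The script below is an added example, not part of the original post; gen_rules is a hypothetical helper that validates a port list and prints the rules for review, using the chain and interface names from the post.

```shell
#!/bin/sh
# Added example: build the forwarding_rule allowlist from a list of TCP ports.
# CHAIN and IFACE are taken from the post; gen_rules is a hypothetical helper.
CHAIN=forwarding_rule
IFACE=br0
MAX=15   # the multiport match takes at most 15 ports per rule

# gen_rules PORT... : print the iptables commands, ACCEPT rules first, DROP last.
# Nothing is printed if any port is invalid, so a typo cannot yield partial rules.
gen_rules() {
    [ "$#" -gt 0 ] || { echo "no ports given" >&2; return 1; }
    for p in "$@"; do
        case "$p" in
            ''|*[!0-9]*) echo "bad port: $p" >&2; return 1 ;;
        esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { echo "bad port: $p" >&2; return 1; }
    done
    list=
    n=0
    for p in "$@"; do
        # Start a new ACCEPT rule once the current one holds MAX ports.
        if [ "$n" -eq "$MAX" ]; then
            echo "iptables -A $CHAIN -i $IFACE -p tcp -m multiport --dports $list -j ACCEPT"
            list=
            n=0
        fi
        list="${list:+$list,}$p"
        n=$((n + 1))
    done
    echo "iptables -A $CHAIN -i $IFACE -p tcp -m multiport --dports $list -j ACCEPT"
    # Appended last so it only catches traffic that no ACCEPT rule matched.
    echo "iptables -A $CHAIN -i $IFACE -j DROP"
}

# Print the rules for the ports listed in the post; paste them into /etc/firewall.user.
gen_rules 80 443 5222 5050 1863
```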
