First attempt at setting up a wireless AP with no password. For reasons.
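#!/bin/bash
#
# Bring up an open (password-less) wireless access point on this host:
# reset the IPv4 iptables ruleset, NAT wireless clients out through the
# wired uplink, redirect their HTTP traffic to a local proxy port, then
# configure the wireless interface and restart dhcpd, squid and hostapd.
#
# Needs root privileges (iptables, /proc/sys, init scripts).
# NOTE(review): only IPv4 rules are managed here; ip6tables is never
# touched -- confirm IPv6 is disabled or filtered elsewhere on this host.

# Stop at the first failing command or unset variable instead of carrying
# on with a half-built ruleset.
set -euo pipefail

readonly IPT=/sbin/iptables
readonly WAN_IF=eth0    # wired uplink
readonly LAN_IF=wlan0   # open wireless side

# Flush old rules and delete old custom chains (filter table), flush nat
echo " * flushing old rules"
"$IPT" --flush
"$IPT" --delete-chain
"$IPT" -t nat -F

# Set default policies for all three default chains: inbound and forwarded
# traffic is dropped unless a rule below accepts it.
echo " * setting default policies"
"$IPT" -P INPUT DROP
"$IPT" -P FORWARD DROP
"$IPT" -P OUTPUT ACCEPT

# Enable free use of loopback interfaces
echo " * allowing loopback devices"
"$IPT" -A INPUT -i lo -j ACCEPT
"$IPT" -A OUTPUT -o lo -j ACCEPT

# Turn on IPv4 routing. The FORWARD policy is already DROP at this point,
# so nothing is forwarded until the FORWARD rules below are installed.
echo 1 > /proc/sys/net/ipv4/ip_forward

# Transparent proxy: steer HTTP from wireless clients to local port 3128
# (presumably where squid listens -- it is restarted below; confirm).
# Matching on the wireless interface keeps port-80 traffic that arrives on
# the uplink from ever being redirected to the proxy.
"$IPT" -t nat -A PREROUTING -i "$LAN_IF" -p tcp --dport 80 -j REDIRECT --to-ports 3128

# Hide wireless clients behind the uplink address
"$IPT" -t nat -A POSTROUTING -o "$WAN_IF" -j MASQUERADE

# All TCP sessions should begin with SYN
"$IPT" -A INPUT -p tcp ! --syn -m conntrack --ctstate NEW -j DROP

# Allow established and related packets
"$IPT" -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
"$IPT" -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

# Wireless clients may open connections towards the uplink.
# The earlier rule that accepted NEW connections from the uplink into the
# wireless network was dropped: replies are already covered by the
# RELATED,ESTABLISHED rule above, and accepting NEW in that direction let
# hosts on the uplink side initiate connections to wireless clients.
"$IPT" -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -j ACCEPT

# Allow all TCP access to this host from the wireless side.
# NOTE(review): on a password-less network this exposes every TCP service
# listening on this host, not just the proxy, to anyone who associates;
# consider limiting it to the ports the access point actually serves.
"$IPT" -A INPUT -p tcp -i "$LAN_IF" -j ACCEPT

# Set wireless IP, then (re)start the DHCP server for the clients
/bin/ifconfig "$LAN_IF" inet 10.0.0.1 netmask 255.255.255.0 broadcast 10.0.0.255
/etc/init.d/dhcpd restart

# Start squid and hostapd
/etc/init.d/squid restart
/etc/init.d/hostapd restart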