@ephesus
Last active December 21, 2015 14:29
First attempt at setting up a wireless AP with no password. For reasons.
#!/bin/bash
IPT=/sbin/iptables
# Flush old filter rules, delete user-defined chains, flush the nat table
echo " * flushing old rules"
$IPT --flush
$IPT --delete-chain
$IPT -t nat -F
# Set default policies for all three default chains
echo " * setting default policies"
$IPT -P INPUT DROP
$IPT -P FORWARD DROP
$IPT -P OUTPUT ACCEPT
# Enable free use of loopback interfaces
echo " * allowing loopback devices"
$IPT -A INPUT -i lo -j ACCEPT
$IPT -A OUTPUT -o lo -j ACCEPT
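# Enable IPv4 forwarding so this host routes between wlan0 and eth0
echo 1 > /proc/sys/net/ipv4/ip_forward
# Transparently redirect HTTP (TCP port 80) to the local squid proxy on 3128.
# No -i match is given, so this applies to port-80 traffic arriving on any interface.
$IPT -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 3128
# Source-NAT everything leaving via the uplink (eth0)
$IPT -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# Note: this accepts NEW connections from the uplink (eth0) towards wireless clients (wlan0)
$IPT -A FORWARD -i eth0 -o wlan0 -m conntrack --ctstate NEW -j ACCEPT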
# All TCP sessions should begin with SYN
$IPT -A INPUT -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
# Allow established and related packets
$IPT -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
$IPT -A FORWARD -i eth0 -o wlan0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
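# Forward everything from wireless clients out via the uplink
$IPT -A FORWARD -i wlan0 -o eth0 -j ACCEPT
# Allow all TCP from wlan0 to this host (includes HTTP redirected to squid on 3128)
$IPT -A INPUT -p tcp -i wlan0 -j ACCEPT
# Set wireless IP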
/bin/ifconfig wlan0 inet 10.0.0.1 netmask 255.255.255.0 broadcast 10.0.0.255
/etc/init.d/dhcpd restart
# Start squid and hostapd
/etc/init.d/squid restart
/etc/init.d/hostapd restart