- Enable SSHd on the device using the GUI (Services/Secure Shell)
This allows us to start a terminal session, using any ssh client (including e.g. PuTTY from Windows).
- Enable jffs on the device using the GUI (Administration/JFFS2 support)
Jffs offers a way to store our own files on the device surviving a reboot.
- Start an ssh session from your PC and log in to the device
(username: root, password as specified in the GUI).
- Create a new directory "firewall" under /jffs
mkdir /jffs/firewall
- Copy, as a starting point, the iptables file generated by the GUI to this directory.
cp /tmp/.ipt /jffs/firewall/myipt
Notice that, depending on the version of dd-wrt you are using, this ipt file might be located somewhere else. If it isn't in the location indicated, find it using:
find / -name '*ipt*'
Also notice that the iptables-save command is not supported on dd-wrt systems (at least on the systems I have been using).
- Make sure our own iptables file is loaded when starting the device instead of /tmp/.ipt
nvram set rc_firewall="iptables-restore < /jffs/firewall/myipt"
nvram commit
- Now we can edit the myipt file with a remote editor, using scp (from Windows I use WinSCP).
- To test a configuration before rebooting the device you could make a copy of the myipt file
cp /jffs/firewall/myipt /jffs/firewall/myipt_test
Make your changes on that copy first and load it when you are ready to test:
iptables-restore < /jffs/firewall/myipt_test
After a reboot the myipt version will be used again. To make the test version the permanent one, just copy it to myipt.
cp /jffs/firewall/myipt_test /jffs/firewall/myipt
This has been tested using version dd-wrt.v24-26138_NEWD-2_K2.6_big-nv64k.bin on a Linksys E1200 V2 device.
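Because myipt_test is edited by hand, a structural check before loading it catches the common slips: a table without its COMMIT line, or a rule appended to a chain that was never declared. The script below is an added example, not part of the original post; the names check_ipt and load_checked and the sample ruleset are constructed for illustration, and it assumes awk is available on the router's BusyBox build.

```shell
#!/bin/sh
# Added example: sanity-check a hand-edited iptables-restore file before loading it.
# check_ipt and load_checked are hypothetical helper names.

check_ipt() {
    awk '
    function bad(msg) { printf "line %d: %s\n", NR, msg; errs++ }
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    /^\*/ {                                  # "*filter", "*nat", ... opens a table
        if (table != "") bad("table " table " is missing COMMIT")
        table = substr($1, 2); split("", chains); next
    }
    table == "" { bad("line is outside any *table block"); next }
    /^:/ { chains[substr($1, 2)] = 1; next } # ":INPUT ACCEPT [0:0]" declares a chain
    $1 == "COMMIT" { table = ""; next }
    {
        i = ($1 ~ /^\[/) ? 2 : 1             # optional [packets:bytes] prefix
        if ($i != "-A" && $i != "-I") bad("unrecognised line: " $0)
        else if (!($(i + 1) in chains))
            bad("chain " $(i + 1) " is not declared in *" table)
    }
    END {
        if (table != "") { print "end of file: *" table " is missing COMMIT"; errs++ }
        exit (errs > 0)
    }' "$1"
}

# Load a ruleset only if it passes the check (run as root on the router).
load_checked() { check_ipt "$1" && iptables-restore < "$1"; }

# Constructed sample input, not taken from a real device.
sample_good() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:logdrop - [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j logdrop
-A logdrop -j DROP
COMMIT
EOF
}

sample_good | check_ipt - && echo "constructed sample passes"
```

On the router, `load_checked /jffs/firewall/myipt_test` takes the place of the bare iptables-restore call in the test step. The check is structural only and does not validate match options or targets.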
Awesome - thanks for giving a simple explanation!
It is very helpful and very useful... :)