From 40249cfd9321b74ac59c443cc4698fc980d8e4eb Mon Sep 17 00:00:00 2001
From: oblique
Date: Fri, 29 Nov 2013 23:49:47 +0200
Subject: [PATCH] bridge mode now works with UFW
---
 create_ap | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/create_ap b/create_ap
index 6166c9b..3eaa692 100755
--- a/create_ap
+++ b/create_ap
@@ -101,6 +101,7 @@ VWIFI_IFACE=
 INTERNET_IFACE=
 BRIDGE_IFACE=
 OLD_IP_FORWARD=
+OLD_BRIDGE_IPTABLES=
 cleanup() {
 echo
@@ -119,10 +120,11 @@ cleanup() {
 iptables -t nat -D POSTROUTING -o ${INTERNET_IFACE} -j MASQUERADE
 iptables -D FORWARD -i ${VWIFI_IFACE} -s ${GATEWAY%.*}.0/24 -j ACCEPT
 iptables -D FORWARD -i ${INTERNET_IFACE} -d ${GATEWAY%.*}.0/24 -j ACCEPT
- echo $OLD_IP_FORWARD > /proc/sys/net/ipv4/ip_forward
+ [[ -n $OLD_IP_FORWARD ]] && echo $OLD_IP_FORWARD > /proc/sys/net/ipv4/ip_forward
 elif [[ "$SHARE_METHOD" == "bridge" ]]; then
 ip link set down $BRIDGE_IFACE
 brctl delbr $BRIDGE_IFACE
+ [[ -n $OLD_BRIDGE_IPTABLES ]] && echo $OLD_BRIDGE_IPTABLES > /proc/sys/net/bridge/bridge-nf-call-iptables
 fi
 fi
@@ -223,6 +225,7 @@ if [[ -n $WIFI_IFACE_CHANNEL && $WIFI_IFACE_CHANNEL -ne $CHANNEL ]]; then
 fi
 if [[ "$SHARE_METHOD" == "bridge" ]]; then
+ OLD_BRIDGE_IPTABLES=$(cat /proc/sys/net/bridge/bridge-nf-call-iptables)
 BRIDGE_IFACE=$(get_avail_bridge)
 if [[ -z $BRIDGE_IFACE ]]; then
 echo "ERROR: No availabe bridges < br100"
@@ -351,6 +354,9 @@ if [[ "$SHARE_METHOD" != "none" ]]; then
 iptables -I FORWARD -i ${INTERNET_IFACE} -d ${GATEWAY%.*}.0/24 -j ACCEPT || die
 echo 1 > /proc/sys/net/ipv4/ip_forward || die
 elif [[ "$SHARE_METHOD" == "bridge" ]]; then
+ # disable iptables rules for bridged interfaces
+ echo 0 > /proc/sys/net/bridge/bridge-nf-call-iptables || die
+ # create and initialize bridged interface
 brctl addbr ${BRIDGE_IFACE} || die
 brctl addif ${BRIDGE_IFACE} ${INTERNET_IFACE} || die
 dhclient -pf $CONFDIR/dhclient.pid ${BRIDGE_IFACE} || die
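Review bot: In the cleanup() hunk (`@@ -119,10 +120,11 @@`), the restore of `/proc/sys/net/bridge/bridge-nf-call-iptables` assumes this process is the only one that changed the setting. The sysctl applies to all bridges rather than to `$BRIDGE_IFACE` alone, so if two bridge-mode instances overlap, the second one would save 0 at startup and write 0 back on exit, leaving iptables filtering of bridged traffic disabled after both have stopped. I would document that above the restore with `# NOTE: setting is shared by all bridges; restoring assumes no other bridge-mode instance is running`, and quote the expansion (`echo "$OLD_BRIDGE_IPTABLES"`). cleanup() starts and ends outside the hunk, so how it is triggered is not visible here.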
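Review bot: In the `@@ -223,6 +225,7 @@` hunk, `cat /proc/sys/net/bridge/bridge-nf-call-iptables` runs before any bridge has been created, and nothing visible checks that the path exists. If the kernel's bridge netfilter code is not loaded at that point (likely on a host with no other bridge), cat prints an error and the variable stays empty. The `echo 0 > /proc/sys/net/bridge/bridge-nf-call-iptables || die` in the `@@ -351,6 +354,9 @@` hunk would then abort bridge mode, because it runs ahead of the `brctl addbr` that would normally bring the module in. Guarding the read, `[[ -e /proc/sys/net/bridge/bridge-nf-call-iptables ]] && OLD_BRIDGE_IPTABLES=$(< /proc/sys/net/bridge/bridge-nf-call-iptables)`, and moving the write below `brctl addbr ${BRIDGE_IFACE} || die` (or guarding it with the same `-e` test) would avoid both failures.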
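Review bot: In the `@@ -351,6 +354,9 @@` hunk, the comment `# disable iptables rules for bridged interfaces` understates the scope of `echo 0 > /proc/sys/net/bridge/bridge-nf-call-iptables`. The write turns off iptables processing of bridged frames for every bridge the setting covers, not only `${BRIDGE_IFACE}`, so any other bridge on the host loses its FORWARD filtering while the access point runs. Wi-Fi clients are also placed on the upstream network with no host firewall in between. I would state that in the comment, `# applies to ALL bridges: bridged traffic bypasses iptables/UFW until cleanup restores the old value`. A narrower option to consider is leaving the sysctl alone and inserting an accept rule for this bridge only, e.g. `iptables -I FORWARD -i ${BRIDGE_IFACE} -m physdev --physdev-is-bridged -j ACCEPT || die`, with the matching `-D` in cleanup(). The enclosing `if [[ "$SHARE_METHOD" != "none" ]]` block starts and ends outside the hunk.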