Limitations:
- Rules should not be added or removed directly in the firewall.c file, since that file is common to all other boards.
- It can be done by enabling a DISTRO_FEATURE, but the exact rules to remove or add must still be known. The change should not affect basic functionality such as board bring-up, component bring-up, routing packets, etc.
Steps to persist the new rules:
To replace all the rules with your own set of rules
- Create a script and place it under ./meta-rdk-broadband/recipes-ccsp/util/utopia
- Add and install it in the utopia.bb file
- In the firewall.c file, create your own function that invokes the script, and call it in main() instead of service_start();

```c
#include <stdlib.h>  /* system() */

/* Runs the custom rules script; called from main() in place of service_start(). */
static int new_firewall(void)
{
    system("sh /etc/iptables.sh");
    return 0;
}
```
To have new rules on top of existing rules
- Install your script under /etc
- Invoke your script from the firewall_log_handle.sh file

```sh
/fss/gw/usr/bin/GenFWLog -c
/fss/gw/usr/bin/firewall $*
# Custom rules script, run after the stock firewall has applied its rules
/etc/fw_iptables.sh
/fss/gw/usr/bin/GenFWLog -gc
```
- In the script, the rules have to be cleared/flushed before they are added. During firewall restarts, if the rules are not cleared before adding, the same rules will be listed multiple times in "iptables -L / -S".
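An added example (not from the original page or the RDK-B source) of what /etc/fw_iptables.sh could look like so that it can run on every firewall restart without duplicating rules. The chain name `custom_fw`, the two sample rules and the `apply` argument are assumptions; the script keeps its rules in a dedicated chain, flushes only that chain before re-adding them, and uses `iptables -C` so the jump from INPUT is inserted once.

```shell
#!/bin/sh
# Added example, not RDK-B code: idempotent custom rules on top of the stock firewall.
IPT="${IPT:-iptables}"   # overridable so the logic can be exercised off-device
CHAIN="custom_fw"        # hypothetical name of a dedicated chain for the custom rules

# Constructed sample rules, one rule spec per line (placeholders for your own rules).
custom_rules() {
cat <<'EOF'
-p tcp --dport 8080 -j DROP
-p udp --dport 5353 -j DROP
EOF
}

apply_custom_rules() {
    # First run: create the chain. On a restart it already exists, so flush it
    # instead; this clears only the custom rules and leaves the stock rules alone.
    "$IPT" -N "$CHAIN" 2>/dev/null || "$IPT" -F "$CHAIN" || return 1

    # Re-add every rule into the now-empty chain.
    custom_rules | while read -r spec; do
        [ -n "$spec" ] || continue
        # $spec is left unquoted on purpose so it splits into iptables arguments.
        "$IPT" -A "$CHAIN" $spec || exit 1
    done || return 1

    # Hook the chain into INPUT exactly once: -C succeeds if the jump is already there.
    "$IPT" -C INPUT -j "$CHAIN" 2>/dev/null || "$IPT" -I INPUT 1 -j "$CHAIN"
}

# Apply only when asked to, e.g. "/etc/fw_iptables.sh apply" in firewall_log_handle.sh.
if [ "${1:-}" = "apply" ]; then
    apply_custom_rules
fi
```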
Manually adding firewall rules on the board
- Place all your new rules in a script under /nvram
- In the firewall_log_handle.sh file, add a condition as below

```sh
if [ -f /nvram/<file>.sh ]
then
    . /nvram/<file>.sh
fi
```
- If a script with a set of IP rules (from the source code) is already running and is invoked in the firewall_log_handle.sh file, follow the steps below:
  - Copy the existing script from /<original-path> to /nvram
  - Make the changes (adding the new rules manually) in the script under /nvram
  - In the firewall_log_handle.sh file, add the condition as

```sh
if [ -f /nvram/<file>.sh ]
then
    . /nvram/<file>.sh
else
    . /<original-path>/<file>.sh
fi
```
- Once the complete verification is done, the script file has to be deleted from /nvram.