[TriLUG] Anybody using DD-WRT?

OlsonE at aosa.army.mil OlsonE at aosa.army.mil
Fri Aug 1 08:14:42 EDT 2008


Downloaded and installed v24-sp1 last night and mine didn't have those
rules.

-----Original Message-----
From: trilug-bounces at trilug.org [mailto:trilug-bounces at trilug.org] On
Behalf Of John Wheeler
Sent: Friday, August 01, 2008 8:09 AM
To: Triangle Linux Users Group General Discussion
Subject: Re: [TriLUG] Anybody using DD-WRT?

err, pardon.

that first step should actually be:

30,59 * * * * root /tmp/custom.sh

:-/

John Wheeler
Web Applications Developer
jcw.dev at gmail.com
336-255-8004

On Aug 1, 2008, at 7:30 AM, John Wheeler wrote:

> As a temporary fix until the corrections make their way into the
> current builds:
>
> 1) Go to the "Administration" tab and in the Cron section make sure
> Cron is enabled and paste the following into the Additional cron jobs:
>
> 30,59 * * * * root /tmp/custom.sh
>
>
> 2) Find the "Commands" sub-tab up top and paste the following script
> into the Command Shell box:
>
> #!/bin/sh
> #
> # DD-WRT v2.4 errant firewall rules temporary fix.
>
> echo Testing for errant firewall rules...
> # Quote the pattern so the escaped dots reach grep as literal dots.
> LINE1=`iptables -L INPUT -n --line-numbers | grep '194\.231\.229\.20' | awk '{print $1}'`
>
> if [ -z "$LINE1" ]
> then
> echo Errant 194.231.229.20 rule not found.
> else
> iptables -D INPUT $LINE1
> echo Errant 194.231.229.20 rule removed.
> fi
>
> # Quote the pattern so the escaped dots reach grep as literal dots.
> LINE2=`iptables -L INPUT -n --line-numbers | grep '212\.65\.2\.116' | awk '{print $1}'`
>
> if [ -z "$LINE2" ]
> then
> echo Errant 212.65.2.116 rule not found.
> else
> iptables -D INPUT $LINE2
> echo Errant 212.65.2.116 rule removed.
> fi
>
> Now just hit the "Save Custom Script" button.
>
> Every 30 minutes your router will check to see if the bad rules are
> there and remove them.
> You may wonder why use a cron job instead of the startup or, more
> appropriately, the firewall script option.
> Well it seems that the startup script runs before the firewall is
> initiated. And the firewall script will run before the system adds
> these IPs in.
> Every time the firewall restarts or, of course, whenever the router
> reboots, the rules will pop back up, though neither should happen very
> often.
>
>
> John Wheeler
> Web Applications Developer
> jcw.dev at gmail.com
> 336-255-8004
>
>
> On Aug 1, 2008, at 1:21 AM, John Wheeler wrote:
>
>> http://www.dd-wrt.com/phpBB2/viewtopic.php?t=35783
>>
>> It looks like as a result of your thread a patch has been issued but
>> the latest builds don't seem to be updated yet.
>>
>> John Wheeler
>> Web Applications Developer
>> jcw.dev at gmail.com
>> 336-255-8004
>>
>> On Jul 31, 2008, at 11:54 PM, Jason Herr wrote:
>>
>>> They were taking it out according to your thread, but it got me looking
>>> at the code that contained it as a default:
>>> /src/router/services/sysinit/defaults.c
>>>
>>> Found via google, it starts weird (comments in the head of the file
>>> don't mention licensing, but do talk about being created by Broadcom),
>>> and the #IFDEFs in this thing are a hodgepodge of nastiness.  It may be
>>> they make special build options for people who use various service
>>> providers?
>>>
>>> heading comments from:
>>> http://svn.dd-wrt.com:8000/dd-wrt/changeset/6627?format=diff&new=6627
>>> /*
>>> * Router default NVRAM values
>>> *
>>> * Copyright 2001-2003, Broadcom Corporation
>>> * All Rights Reserved.
>>> *
>>> * THIS SOFTWARE IS OFFERED "AS IS", AND BROADCOM GRANTS NO WARRANTIES OF ANY
>>> * KIND, EXPRESS OR IMPLIED, BY STATUTE, COMMUNICATION OR OTHERWISE. BROADCOM
>>> * SPECIFICALLY DISCLAIMS ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS
>>> * FOR A SPECIFIC PURPOSE OR NONINFRINGEMENT CONCERNING THIS SOFTWARE.
>>> *
>>> * $Id: defaults.c,v 1.11 2005/11/30 11:53:42 seg Exp $
>>> */
>>>
>>> The addresses are now only found in an ifdef for something called
>>> HAVE_GGEW.
>>>
>>> http://svn.dd-wrt.com:8000/dd-wrt/browser/src/router/services/sysinit/defaults.c
>>>
>>>
>>> Not sure what to make of it, but it was interesting reading.
>>>
>>> J
>>>
>>>
>>> Brian Daniels wrote:
>>>> On Thu, Jul 31, 2008 at 04:10:38PM -0400, John Wheeler wrote:
>>>>> What services do you have turned on for this setup? Have you modified
>>>>> the default options much?
>>>>
>>>> A bit.  I set up port forwarding, and OpenVPN.  Wpa key and passwords.
>>>> Dyndns.  Nothing really unusual other than the vpn, and that was just
>>>> pasting keys into the web interface.  I haven't made any changes through
>>>> ssh, everything was done with the web interface.
>>>>
>>>> I've made a post on their forums:
>>>> http://www.dd-wrt.com/phpBB2/viewtopic.php?p=197399#197399
>>>> and found another user reporting the same issue earlier in the month.
>>>> He got a bogus reply about it being for pinging, and no one followed up
>>>> further.
>>>>
>>>> I'll post back here if I learn more, but I'm not using DD-WRT for the
>>>> moment.
>>>>
>>>> --Brian
>>>>
>>>>
>>>
>>> -- 
>>> TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
>>> TriLUG FAQ  : http://www.trilug.org/wiki/Frequently_Asked_Questions