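# NOTE(review): no flush (iptables -F, -t nat -F, -t mangle -F) is visible in this
# section; unless one precedes it, re-running the script appends a second copy of
# every rule below.

# Do IP mangling for the DHCP checksum error issue seen after disable_dgaf=1:
# let the kernel fill in the UDP checksum of DHCP replies (destination port 68).
iptables -A POSTROUTING -t mangle -p udp --dport 68 -j CHECKSUM --checksum-fill

# Default-deny filtering: block everything except icmp, ssh, dns (tcp/udp 53)
# and dhcp. The catch-all REJECT rules at the end of this script enforce the
# deny; every ACCEPT must therefore be appended before them.
# NAT for traffic leaving on eth0. Only icmp and ssh are ACCEPTed in FORWARD
# below, so that is all NAT clients can pass through this host — presumably
# intended, as DNS/DHCP for them terminate on this host (INPUT/OUTPUT rules).
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

# Loopback must be allowed explicitly: the catch-all REJECTs below would
# otherwise also reject local services talking to 127.0.0.1.
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# ICMP in every chain (ping, path-MTU, unreachables).
iptables -A FORWARD -j ACCEPT -p icmp
iptables -A INPUT -j ACCEPT -p icmp
iptables -A OUTPUT -j ACCEPT -p icmp

# SSH.
# Note: 192.168.1.198 is the address of the master Raspberry Pi.
# So, please adjust it to your own setup if needed. The pinned variants are kept
# (commented out) for setups that want ssh restricted to that one peer.
#iptables -A INPUT -j ACCEPT -s 192.168.1.198 -d 192.168.1.1 -p tcp --dport ssh
#iptables -A INPUT -j ACCEPT -s 192.168.1.198 -d 192.168.1.1 -p tcp --sport ssh
#iptables -A INPUT -j ACCEPT -s 192.168.1.1 -d 192.168.1.198 -p tcp --dport ssh
#iptables -A INPUT -j ACCEPT -s 192.168.1.1 -d 192.168.1.198 -p tcp --sport ssh
#iptables -A OUTPUT -j ACCEPT -s 192.168.1.198 -d 192.168.1.1 -p tcp --dport ssh
#iptables -A OUTPUT -j ACCEPT -s 192.168.1.198 -d 192.168.1.1 -p tcp --sport ssh
#iptables -A OUTPUT -j ACCEPT -s 192.168.1.1 -d 192.168.1.198 -p tcp --dport ssh
#iptables -A OUTPUT -j ACCEPT -s 192.168.1.1 -d 192.168.1.198 -p tcp --sport ssh
# NOTE(review): the --sport rules here (and for dns/dhcp below) accept any packet
# whose *source* port is the service port, with no regard to connection state.
# Reply traffic is more precisely covered by a stateful match such as
# `-m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT`, after which only the
# --dport rules are needed. Left unchanged here so the ruleset's behaviour is
# not altered.
iptables -A INPUT -j ACCEPT -p tcp --dport ssh
iptables -A INPUT -j ACCEPT -p tcp --sport ssh
iptables -A OUTPUT -j ACCEPT -p tcp --dport ssh
iptables -A OUTPUT -j ACCEPT -p tcp --sport ssh
iptables -A FORWARD -j ACCEPT -p tcp --dport ssh
iptables -A FORWARD -j ACCEPT -p tcp --sport ssh

# DNS UDP and TCP port 53 (INPUT/OUTPUT only; not forwarded).
iptables -A INPUT -j ACCEPT -p tcp --dport domain
iptables -A INPUT -j ACCEPT -p tcp --sport domain
iptables -A OUTPUT -j ACCEPT -p tcp --dport domain
iptables -A OUTPUT -j ACCEPT -p tcp --sport domain
iptables -A INPUT -j ACCEPT -p udp --dport domain
iptables -A INPUT -j ACCEPT -p udp --sport domain
iptables -A OUTPUT -j ACCEPT -p udp --dport domain
iptables -A OUTPUT -j ACCEPT -p udp --sport domain

# DHCP. BOOTP client port 68: inbound replies addressed to this host's client
# port, and inbound requests sent from clients' port 68 (presumably this host
# also serves DHCP — cf. the CHECKSUM rule above; confirm against the setup).
iptables -A INPUT -j ACCEPT -p udp --dport bootpc
iptables -A INPUT -j ACCEPT -p udp --sport bootpc
# BOOTP server port 67: outbound requests to a server, and outbound replies
# sent from this host's server port.
iptables -A OUTPUT -j ACCEPT -p udp --dport bootps
iptables -A OUTPUT -j ACCEPT -p udp --sport bootps

# Catch-all: everything not ACCEPTed above is rejected (REJECT rather than DROP,
# so the peer gets an immediate error instead of a timeout).
iptables -A FORWARD -j REJECT
iptables -A INPUT -j REJECT
iptables -A OUTPUT -j REJECT

# Bridge hairpin mode for the wifi bridge; currently disabled.
#/usr/sbin/brctl hairpin br-wifi wlan0 on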