General tweaks + No SMTP on ChilliSpot

DD-WRT Forum Index -> Contributions Upload
Author Message
callihn
DD-WRT Novice


Joined: 10 Jul 2008
Posts: 49

Posted: Fri Dec 18, 2009 21:35    Post subject: General tweaks + No SMTP on ChilliSpot
Here are some general tweaks I've been using as well as some settings to disable SMTP on the Chillispot.

http://192.168.2.1/Diagnostics.asp

I use this as my "Startup" script:

Code:

#!/bin/sh

# icmp_echo_ignore_* are global knobs, not per-interface ones: they live
# directly under /proc/sys/net/ipv4 (the conf/eth0/... paths do not exist,
# so the original writes failed silently at boot)
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
echo 1 > /proc/sys/net/ipv4/ip_forward

echo 64000 > /proc/sys/net/ipv4/ipfrag_high_thresh
echo 48000 > /proc/sys/net/ipv4/ipfrag_low_thresh

echo 10 > /proc/sys/net/ipv4/ipfrag_time
echo 5 > /proc/sys/net/ipv4/icmp_ratelimit
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
echo 0 > /proc/sys/net/ipv4/conf/eth0/accept_source_route
echo 0 > /proc/sys/net/ipv4/conf/eth0/accept_redirects
echo 1 > /proc/sys/net/ipv4/conf/eth0/log_martians
echo 10 > /proc/sys/net/ipv4/neigh/eth0/locktime
echo 0 > /proc/sys/net/ipv4/conf/eth0/proxy_arp
echo 50 > /proc/sys/net/ipv4/neigh/eth0/gc_stale_time

#
# The following entries secure the last bit and provide a
# moderate protection against man-in-the-middle attacks.
#

echo 0 > /proc/sys/net/ipv4/conf/eth0/send_redirects
echo 0 > /proc/sys/net/ipv4/conf/eth0/secure_redirects
echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
echo 5 > /proc/sys/net/ipv4/igmp_max_memberships
echo 2 > /proc/sys/net/ipv4/igmp_max_msf
echo 1024 > /proc/sys/net/ipv4/tcp_max_orphans
echo 2 > /proc/sys/net/ipv4/tcp_syn_retries
echo 2 > /proc/sys/net/ipv4/tcp_synack_retries
echo 1 > /proc/sys/net/ipv4/tcp_abort_on_overflow
echo 10 > /proc/sys/net/ipv4/tcp_fin_timeout
echo 0 > /proc/sys/net/ipv4/route/redirect_number
echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
echo 1 > /proc/sys/net/ipv4/conf/eth0/rp_filter
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route
echo 61 > /proc/sys/net/ipv4/ip_default_ttl

# DoS protection by tweaking the timeouts

echo "1800" > /proc/sys/net/ipv4/tcp_keepalive_time
echo "0" > /proc/sys/net/ipv4/tcp_window_scaling
echo "0" > /proc/sys/net/ipv4/tcp_sack

# We pretend to be a Checkpoint firewall on Windows XP

# TCP receive/send socket buffer sizes in bytes: min default max
echo 4096 87380 4194304 >/proc/sys/net/ipv4/tcp_rmem
echo 4096 87380 4194304 >/proc/sys/net/ipv4/tcp_wmem

# Check network overload (explicit congestion notification)

echo 1 > /proc/sys/net/ipv4/tcp_ecn

# Change port range for outgoing traffic

echo "30000 60000" > /proc/sys/net/ipv4/ip_local_port_range

# Change default queue size
# Modified for DD-WRT because of missing proc entries
# (ip_conntrack_max is the connection-tracking table limit, not a queue
# size; once the table is full the kernel drops packets of new connections)

echo 4096 > /proc/sys/net/ipv4/ip_conntrack_max

# LED signal feedback when script ends

sleep 1
gpio disable 3
sleep 1
gpio enable 3
sleep 1
gpio disable 3
sleep 1
gpio enable 2
sleep 1
gpio disable 2
sleep 1
gpio enable 2

# If you'd like to disable the web interface uncomment
# the following line

#killall httpd


I put this under "Firewall" to disable SMTP on the Chillispot:

Code:

# ALL outgoing mail must travel via webmail on the ChilliSpot AP.
#
# Hotspot clients (192.168.182.0/24, the ChilliSpot default) are routed
# through the router, so their packets traverse the FORWARD chain. INPUT and
# OUTPUT only see packets addressed to or generated by the router itself, so
# rules placed there never match client traffic. The rules are inserted (-I)
# so they sit ahead of the firmware's own accept rules. Dropping the
# client-to-server direction is sufficient: with no outbound SYN there is no
# reply traffic to block.

iptables -I FORWARD -p tcp -s 192.168.182.0/24 --dport 25 -j DROP

iptables -I FORWARD -p tcp -s 192.168.182.0/24 --dport 465 -j DROP
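A defensive way to apply a list like the startup script above, as an added example that is not part of callihn's post or of DD-WRT: the script writes to /proc paths unconditionally, and the post itself notes that some entries are missing on DD-WRT, so an absent or mistyped path fails at boot without anyone noticing and a value the kernel rejects or clamps is never detected. The functions below check that the entry exists, write it, and read it back before counting it as applied. SYSCTL_ROOT, normalize_ws, apply_sysctl and apply_sysctl_list are hypothetical names introduced here; the settings list at the bottom is a subset of the post's values at the paths the kernel actually exposes.

```shell
#!/bin/sh
# Added example, not part of the original post or of DD-WRT: write a
# sysctl-style setting only if its /proc entry exists on this kernel, then
# read it back to confirm the value stuck. SYSCTL_ROOT is a hypothetical
# override (default /proc/sys) so the functions can be exercised against a
# scratch directory instead of a live router.
SYSCTL_ROOT="${SYSCTL_ROOT:-/proc/sys}"

# The kernel echoes multi-value entries such as tcp_rmem back tab-separated;
# collapse tabs and repeated spaces so "4096 87380 4194304" compares equal.
normalize_ws() {
    printf '%s' "$1" | tr '\t' ' ' | tr -s ' '
}

# apply_sysctl KEY VALUE
#   KEY in dotted form (net.ipv4.tcp_syncookies) maps to a path under
#   SYSCTL_ROOT. Returns 0 on verified success, 1 if the entry does not
#   exist on this kernel, 2 if the write was rejected or read back differently.
apply_sysctl() {
    sc_key="$1"
    sc_value="$2"
    sc_path="$SYSCTL_ROOT/$(printf '%s' "$sc_key" | tr . /)"
    if [ ! -f "$sc_path" ]; then
        echo "skip: $sc_key (no such entry on this kernel)" >&2
        return 1
    fi
    printf '%s\n' "$sc_value" > "$sc_path" 2>/dev/null
    sc_current=$(normalize_ws "$(cat "$sc_path")")
    if [ "$sc_current" != "$(normalize_ws "$sc_value")" ]; then
        echo "fail: $sc_key reads '$sc_current', wanted '$sc_value'" >&2
        return 2
    fi
    return 0
}

# apply_sysctl_list
#   Reads "key value" lines from stdin (blank lines and # comments ignored),
#   applies each one and leaves counts in APPLIED/SKIPPED/FAILED.
#   Returns 0 only if every entry was applied and verified.
apply_sysctl_list() {
    APPLIED=0; SKIPPED=0; FAILED=0
    while read -r sl_key sl_value; do
        case "$sl_key" in ''|'#'*) continue ;; esac
        sl_rc=0
        apply_sysctl "$sl_key" "$sl_value" || sl_rc=$?
        case "$sl_rc" in
            0) APPLIED=$((APPLIED + 1)) ;;
            1) SKIPPED=$((SKIPPED + 1)) ;;
            *) FAILED=$((FAILED + 1)) ;;
        esac
    done
    echo "applied=$APPLIED skipped=$SKIPPED failed=$FAILED" >&2
    [ "$SKIPPED" -eq 0 ] && [ "$FAILED" -eq 0 ]
}

# Run with "apply" as the first argument to push a subset of the post's
# settings (at the paths the kernel actually exposes); with no argument the
# file only defines the functions.
if [ "${1:-}" = "apply" ]; then
    apply_sysctl_list <<'EOF'
net.ipv4.icmp_echo_ignore_broadcasts 1
net.ipv4.tcp_syncookies 1
net.ipv4.conf.all.rp_filter 1
net.ipv4.conf.all.accept_source_route 0
net.ipv4.conf.all.accept_redirects 0
net.ipv4.conf.all.send_redirects 0
net.ipv4.tcp_rmem 4096 87380 4194304
EOF
fi
```

On the router this is sourced or called with `apply` from the Startup box; the skip and fail lines on stderr list exactly which tuning entries this kernel build honours, which is the information the blind `echo > /proc/...` form never gives you. The read-back step is what catches a clamped or rejected value, and the whitespace normalisation keeps multi-value entries from being reported as failures.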
All times are GMT