Adding custom firewall rules to Pi-Star


How to add custom firewall rules to Pi-Star

1. Log in over SSH to the command line, using either your own client or the client built into the admin section of the dashboard.

 ╔═══════════════════════════════════════════════════════════════════════╗
 ║                                                                       ║
 ║           ██████╗ ██╗      ███████╗████████╗ █████╗ ██████╗           ║
 ║           ██╔══██╗██║      ██╔════╝╚══██╔══╝██╔══██╗██╔══██╗          ║
 ║           ██████╔╝██║█████╗███████╗   ██║   ███████║██████╔╝          ║
 ║           ██╔═══╝ ██║╚════╝╚════██║   ██║   ██╔══██║██╔══██╗          ║
 ║           ██║     ██║      ███████║   ██║   ██║  ██║██║  ██║          ║
 ║           ╚═╝     ╚═╝      ╚══════╝   ╚═╝   ╚═╝  ╚═╝╚═╝  ╚═╝          ║
 ║                                                                       ║
 ╚═══════════════════════════════════════════════════════════════v3.4.12═╝
 From your Windows Computer:
 Pi-Star Dashboard:      http://pi-star/
 
 From your Apple iPhone, iPad, Macbook, iMac etc.
 Pi-Star Dashboard:      http://pi-star.local/
 
 Pi-Star's disk is read-only by default, enable read-write with "rpi-rw".
 Pi-Star built by Andy Taylor (MW0MWZ), pi-star tools all start "pistar-".
 
 pi-star@pi-star(ro):~$

2. Make the disk RW

 pi-star@pi-star(ro):~$ rpi-rw

3. Edit the custom firewall script

 pi-star@pi-star(rw):~$ sudo nano /root/ipv4.fw

4. Add your custom rule

 # Comments can be added using the hash at the start of a line
 # This line adds outgoing access to UDP/41401
 iptables -A OUTPUT -p udp --dport 41401 -j ACCEPT # NXDN Outbound to extra host
 # This line adds DSCP marking to this traffic to give it voice priority on the network
 # You don't need this, but it's a good thing for voice packets
 iptables -t mangle -A POSTROUTING -p udp --dport 41401 -j DSCP --set-dscp 46

5. Save the file by pressing Ctrl-X, then choose Y (yes) to save it

6. Update the firewall to pull in your changes

 pi-star@pi-star(rw):~$ sudo pistar-firewall
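
A pre-flight check for the custom rules file, run between steps 5 and 6 so that a typo or an over-broad rule is caught before it is loaded. This is an added example, not part of Pi-Star or the original page; `check_fw_rules` is a hypothetical helper, and its three checks (only `iptables` commands, no chain flush or policy change, every ACCEPT scoped to a protocol and port) are this example's own policy.

```shell
# Added example, not part of Pi-Star. check_fw_rules is a hypothetical helper
# and the three checks are this example's own policy choices.
check_fw_rules() {
    file="$1"; bad=0; n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        # Strip comments, collapse whitespace, trim both ends
        rule=$(printf '%s\n' "$line" | sed 's/#.*$//' | tr -s '[:space:]' ' ' | sed 's/^ //; s/ $//')
        [ -z "$rule" ] && continue
        case "$rule" in
            iptables\ *) ;;
            *) echo "line $n: not an iptables command"; bad=$((bad + 1)); continue ;;
        esac
        case " $rule " in
            *" -F "*|*" --flush "*|*" -P "*|*" --policy "*)
                echo "line $n: flushes a chain or changes a default policy"
                bad=$((bad + 1)); continue ;;
        esac
        case " $rule " in
            *" -j ACCEPT "*)
                case " $rule " in
                    *" -p "*" --dport "*|*" -p "*" --sport "*) ;;
                    *) echo "line $n: ACCEPT without protocol and port"
                       bad=$((bad + 1)) ;;
                esac ;;
        esac
    done < "$file"
    [ "$bad" -eq 0 ]   # exit status 0 only when no line was flagged
}

# Constructed sample: the two rules from step 4 plus one over-broad rule.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# This line adds outgoing access to UDP/41401
iptables -A OUTPUT -p udp --dport 41401 -j ACCEPT # NXDN Outbound to extra host
iptables -t mangle -A POSTROUTING -p udp --dport 41401 -j DSCP --set-dscp 46
iptables -A INPUT -j ACCEPT
EOF
check_fw_rules "$sample" || echo "fix the flagged lines before running pistar-firewall"
rm -f "$sample"
```

On the Pi-Star host, point the function at `/root/ipv4.fw` from a root shell, since the file lives under `/root`.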