- iptables -t filter -N luci_splash_counter
- iptables -t nat -N luci_splash_portal
- iptables -t nat -N luci_splash_leases
- iptables -t nat -N luci_splash_prerouting
-
- [ "$LIMIT_UP" -gt 0 -a "$LIMIT_DOWN" -gt 0 ] && \
- iptables -t mangle -N luci_splash_mark
+ $IPT -t nat -N luci_splash_prerouting
+ $IPT -t nat -N luci_splash_leases
+ $IPT -t filter -N luci_splash_forwarding
+ $IPT -t filter -N luci_splash_filter
+
+ if [ "$HAS_IPV6" = 1 ]; then
+ $IPT6 -t filter -N luci_splash_forwarding
+ $IPT6 -t filter -N luci_splash_filter
+ fi
+
+ ### Clear iptables replay log
+ [ -s $IPT_REPLAY ] && . $IPT_REPLAY
+ echo -n > $IPT_REPLAY
+
+ ### Add interface independant prerouting rules
+ $IPT -t nat -A luci_splash_prerouting -j luci_splash_leases
+ $IPT -t nat -A luci_splash_leases -p udp --dport 53 -j REDIRECT --to-ports 53
+ $IPT -t nat -A luci_splash_leases -p tcp --dport 80 -j REDIRECT --to-ports 8082
+
+ ### Add interface independant forwarding rules
+ $IPT -t filter -A luci_splash_forwarding -j luci_splash_filter
+ $IPT -t filter -A luci_splash_filter -p tcp -j REJECT --reject-with tcp-reset
+ $IPT -t filter -A luci_splash_filter -j REJECT --reject-with icmp-net-prohibited
+
+ if [ "$HAS_IPV6" = 1 ]; then
+ $IPT6 -t filter -A luci_splash_forwarding -j luci_splash_filter
+ $IPT6 -t filter -A luci_splash_filter -p tcp -j REJECT --reject-with tcp-reset
+ $IPT6 -t filter -A luci_splash_filter -j REJECT --reject-with adm-prohibited
+ fi
+
+ ### Add QoS chain
+ $IPT -t mangle -N luci_splash_mark_out
+ $IPT -t mangle -N luci_splash_mark_in
+ $IPT -t mangle -I PREROUTING -j luci_splash_mark_out
+ $IPT -t mangle -I POSTROUTING -j luci_splash_mark_in
+
+ if [ "$HAS_IPV6" = 1 ]; then
+ $IPT6 -t mangle -N luci_splash_mark_out
+ $IPT6 -t mangle -N luci_splash_mark_in
+ $IPT6 -t mangle -I PREROUTING -j luci_splash_mark_out
+ $IPT6 -t mangle -I POSTROUTING -j luci_splash_mark_in
+ fi
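Review bot: The replay step `[ -s $IPT_REPLAY ] && . $IPT_REPLAY` sources a file as shell code with the privileges of this script, so anyone who can write to that path can run commands the next time these rules are set up. Where `IPT_REPLAY` points and who writes it is not visible in this hunk; if it sits in a shared or world-writable directory, the file should be created with restrictive ownership and mode before anything appends to it. Both uses are also unquoted, so an empty or space-containing value changes what the test and the redirect do; I would write `[ -s "$IPT_REPLAY" ] && . "$IPT_REPLAY"` and `: > "$IPT_REPLAY"` (the latter also avoids the non-portable `echo -n`). A short comment above the replay lines saying what the log is expected to contain and who is allowed to write it would help the next reader. The enclosing function or script section starts and ends outside the lines shown.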