### The "-i $WAN" literally means packets that came in over the $WAN interface;
### this WILL NOT MATCH packets sent from the LAN to the WAN address.
-### Allow SSH from WAN
+### Allow SSH on the WAN interface
# iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 22 -j ACCEPT
# iptables -A input_rule -i $WAN -p tcp --dport 22 -j ACCEPT
# if they don't already exist
[ "$(nvram get boardtype)" = "bcm95365r" \
-a "$(nvram get boardnum)" = "45" \
--a -z "$(nvram get vlan0ports)$(nvram get vlan1ports)" ] && {
+-a -z "$(nvram get vlan0ports)"
+-a -z "$(nvram get vlan1ports)" ] && {
nvram set vlan0ports="1 2 3 4 5*"
nvram set vlan1ports="0 5"
}
vconfig set_name_type VLAN_PLUS_VID_NO_PAD
# automagically run firstboot
-[ -z "$FAILSAFE" ] && {
+[ -z "$FAILSAFE" -a -z "$(nvram get no_root_swap)" ] && {
{ mount|grep "on / type jffs2" 1>&-; } || firstboot
}
#!/bin/sh
syslog_ip=$(nvram get log_ipaddr)
-ipcalc -s $syslog_ip || syslog_ip=""
+ipcalc -s "$syslog_ip" || syslog_ip=""
syslogd -C 16 ${syslog_ip:+-L -R $syslog_ip}
klogd
#${FAILSAFE:+telnetd -l /bin/login; ifup lan; exit}
#!/bin/sh
+export PATH=/bin:/sbin:/usr/bin:/usr/sbin
mount none /proc -t proc
insmod diag
echo 0x01 > /proc/sys/diag
sleep 1
-if [ $(cat /proc/sys/reset) = 1 ] || [ "$(/usr/sbin/nvram get failsafe)" = 1 ]; then
+if [ $(cat /proc/sys/reset) = 1 -o "$(nvram get failsafe)" = 1 ]; then
export FAILSAFE=true
- [ "$(/usr/sbin/nvram get boot_wait)" != "on" ] && {
- /usr/sbin/nvram set boot_wait=on
- /usr/sbin/nvram commit
+ [ "$(nvram get boot_wait)" != "on" ] && {
+ nvram set boot_wait=on
+ nvram commit
}
while :; do { echo $(((X=(X+1)%8)%2)) > /proc/sys/diag; sleep $((X==0)); } done &
fi
-/sbin/mount_root ${FAILSAFE:+failsafe}
+mount_root ${FAILSAFE:+failsafe}
exec /sbin/init