enable image building for openwrt demo

Change-Id: Id464f064e9a7c4a55244c3cec4b3303a4ed0a889 Signed-off-by: Bin Lu <bin.lu@arm.com>
author: Bin Lu <bin.lu@arm.com> 2018-05-23 10:33:18 +0800
committer: Bin Lu <bin.lu@arm.com> 2018-05-23 10:34:26 +0800
commit: 4a7eefce73a2246e7437119ea2b6904ae7d50503 (patch)
tree: 66c2404d8dbb5d6568e27da72962b6ae7a268278 /src/arm/openwrt_demo/1_buildimage/resources/config/firewall.user
parent: b1f11b54803266384cf0d9e14fcb7204dbcc79a7 (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/src/arm/openwrt_demo/1_buildimage/resources/config/firewall.user b/src/arm/openwrt_demo/1_buildimage/resources/config/firewall.user
new file mode 100644
index 0000000..ab61136
--- /dev/null
+++ b/src/arm/openwrt_demo/1_buildimage/resources/config/firewall.user
@@ -0,0 +1,9 @@
+# This file is interpreted as shell script.
+# Put your custom iptables rules here, they will
+# be executed with each firewall (re-)start.
+
+# Internal uci firewall chains are flushed and recreated on reload, so
+# put custom rules into the root chains e.g. INPUT or FORWARD or into the
+# special user chains, e.g. input_wan_rule or postrouting_lan_rule.
+iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -o eth0 -m policy --pol ipsec --dir out -j ACCEPT
+iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -o eth0 -j MASQUERADE
author	Bin Lu <bin.lu@arm.com>	2018-05-23 10:33:18 +0800
committer	Bin Lu <bin.lu@arm.com>	2018-05-23 10:34:26 +0800
commit	4a7eefce73a2246e7437119ea2b6904ae7d50503 (patch)
tree	66c2404d8dbb5d6568e27da72962b6ae7a268278 /src/arm/openwrt_demo/1_buildimage/resources/config/firewall.user
parent	b1f11b54803266384cf0d9e14fcb7204dbcc79a7 (diff)