Forward Firewall: Portfw now working and firewall closed correctly

Alexander Marx
2013-02-11 05:51:42 +01:00
committed by Michael Tremer
parent 8f204435d4
commit 12dcfbbdbe
2 changed files with 8 additions and 8 deletions


@@ -1400,7 +1400,7 @@ sub viewtablegrp
my $count=1;
my $grpname;
my $remark;
my $number=1;
my $number;
if (!keys %customgrp)
{
print "<center><b>$Lang::tr{'fwhost empty'}</b>";
@@ -1446,6 +1446,7 @@ sub viewtablegrp
print"<input type='hidden' name='ACTION' value='deletegrphost'><input type='hidden' name='delhost' value='$grpname,$remark,$customgrp{$key}[2],$customgrp{$key}[3]'></form></td></tr>";
$helper=$customgrp{$key}[0];
$number++;
}
print"</table>";
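Review bot: The hidden `delhost` field in the second hunk interpolates `$grpname`, `$remark` and two `$customgrp{$key}` entries straight into a single-quoted HTML attribute, so a stored value containing `'` or markup would break out of the attribute when the table is rendered. Whether these values are sanitised when they are saved is not visible here; if they are not, each one should be HTML-escaped before it is printed. Separately, assuming `my $number;` is the new declaration in the first hunk, `my $number = 0;` would state the starting count explicitly and avoid an uninitialised-value warning if it is read before the first `$number++`. The body of viewtablegrp starts and ends outside both hunks.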


@@ -211,7 +211,7 @@ case "$1" in
/sbin/iptables -A FORWARD -s 127.0.0.0/8 -m state --state NEW -j DROP
/sbin/iptables -A FORWARD -d 127.0.0.0/8 -m state --state NEW -j DROP
/sbin/iptables -A INPUT -i $GREEN_DEV -m state --state NEW -j ACCEPT ! -p icmp
/sbin/iptables -A FORWARD -i $GREEN_DEV -m state --state NEW -j ACCEPT
#/sbin/iptables -A FORWARD -i $GREEN_DEV -m state --state NEW -j ACCEPT
# If a host on orange tries to initiate a connection to IPFire's red IP and
# the connection gets DNATed back through a port forward to a server on orange
@@ -227,7 +227,11 @@ case "$1" in
/sbin/iptables -A INPUT -m state --state NEW -j WIRELESSINPUT
/sbin/iptables -N WIRELESSFORWARD
/sbin/iptables -A FORWARD -m state --state NEW -j WIRELESSFORWARD
# PORTFWACCESS chain, used for portforwarding
/sbin/iptables -N PORTFWACCESS
/sbin/iptables -A FORWARD -m state --state NEW -j PORTFWACCESS
# OPenSSL
/sbin/iptables -N OPENSSLPHYSICAL
/sbin/iptables -A INPUT -j OPENSSLPHYSICAL
@@ -244,15 +248,10 @@ case "$1" in
# DMZ pinhole chain.
# ORANGE to talk to GREEN / BLUE.
if [ "$ORANGE_DEV" != "" ]; then
/sbin/iptables -A FORWARD -i $ORANGE_DEV -m state --state NEW -j FORWARDFW
fi
# PORTFWACCESS chain, used for portforwarding
/sbin/iptables -N PORTFWACCESS
/sbin/iptables -A FORWARD -m state --state NEW -j PORTFWACCESS
# Custom prerouting chains (for transparent proxy and port forwarding)
/sbin/iptables -t nat -N SQUID
/sbin/iptables -t nat -A PREROUTING -j SQUID
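Review bot: The blanket GREEN forward rule in the first hunk appears to be left behind as a commented-out line, `#/sbin/iptables -A FORWARD -i $GREEN_DEV -m state --state NEW -j ACCEPT`, which records no reason for the change and is easy to re-enable by accident. I would delete it and put an explanation in its place, for example `# NEW connections from GREEN are no longer accepted unconditionally; the chains appended to FORWARD below decide.` The comment on the moved block, `# PORTFWACCESS chain, used for portforwarding`, should also say why its position in FORWARD matters, presumably that the jump has to be reached before the rules appended later. The `case` branch begins and ends outside these hunks.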