firewall: Fixes bug12981 - add if loop to log or not log dropped hostile traffic

- This v3 version now has two if loops allowing logging of incoming drop hostile or
   outgoing drop hostile or both or neither.
- Dependent on the choice in optionsfw.cgi this loop will either log or not log the
   dropped hostile traffic.

Fixes: bug12981
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

src/initscripts/system/firewall

@@ -179,9 +179,18 @@ iptables_init() {
 	iptables -A FORWARD -j HOSTILE
 	iptables -A OUTPUT -j HOSTILE
 
-	iptables -N HOSTILE_DROP
-	iptables -A HOSTILE_DROP -m limit --limit 10/second -j LOG --log-prefix "DROP_HOSTILE "
-	iptables -A HOSTILE_DROP -j DROP -m comment --comment "DROP_HOSTILE"
+	iptables -N HOSTILE_DROP_IN
+	if [ "$LOGDROPHOSTILEIN" == "on" ]; then
+		iptables -A HOSTILE_DROP_IN -m limit --limit 10/second -j LOG --log-prefix "DROP_HOSTILE "
+	fi
+	iptables -A HOSTILE_DROP_IN -j DROP -m comment --comment "DROP_HOSTILE"
+
+	iptables -N HOSTILE_DROP_OUT
+	if [ "$LOGDROPHOSTILEOUT" == "on" ]; then
+		iptables -A HOSTILE_DROP_OUT -m limit --limit 10/second -j LOG --log-prefix "DROP_HOSTILE "
+	fi
+	iptables -A HOSTILE_DROP_OUT -j DROP -m comment --comment "DROP_HOSTILE"
+
 
 	# IP Address Blocklist chains
 	iptables -N BLOCKLISTIN