webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-09 18:45:54 +02:00
Code Issues Packages Projects Releases Wiki Activity

firewall: Suppress more warnings when initialising without GREEN

Browse Source 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This commit is contained in:
Michael Tremer
2018-07-01 11:49:57 +01:00
parent 470e85c365
commit 475ae4b3db
1 changed files with 11 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
config/firewall/firewall-policy
View File

@@ -58,7 +58,9 @@ HAVE_OPENVPN="true"
# INPUT
# Allow access from GREEN
iptables -A POLICYIN -i "${GREEN_DEV}" -j ACCEPT
if [ -n "${GREEN_DEV}" ]; then
iptables -A POLICYIN -i "${GREEN_DEV}" -j ACCEPT
fi
# Allow access from BLUE
if [ "${HAVE_BLUE}" = "true" ] && [ -n "${BLUE_DEV}" ]; then
@@ -119,12 +121,14 @@ case "${POLICY}" in
*)
# Access from GREEN is granted to everywhere
if [ "${IFACE}" = "${GREEN_DEV}" ]; then
# internet via green
# don't check source IP/NET if IFACE is GREEN
iptables -A POLICYFWD -i "${GREEN_DEV}" -j ACCEPT
else
iptables -A POLICYFWD -i "${GREEN_DEV}" -s "${GREEN_NETADDRESS}/${GREEN_NETMASK}" -j ACCEPT
if [ -n "${GREEN_DEV}" ]; then
if [ "${IFACE}" = "${GREEN_DEV}" ]; then
# internet via green
# don't check source IP/NET if IFACE is GREEN
iptables -A POLICYFWD -i "${GREEN_DEV}" -j ACCEPT
else
iptables -A POLICYFWD -i "${GREEN_DEV}" -s "${GREEN_NETADDRESS}/${GREEN_NETMASK}" -j ACCEPT
fi
fi
# Grant access for IPsec VPN connections