Ausgehende Firewall aktiviert, kann nun getestet werden.

git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@616 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8
ms
2007-06-07 16:39:54 +00:00
parent 9141bd3433
commit 4cb74dce6f
4 changed files with 22 additions and 15 deletions


@@ -76,7 +76,7 @@ close FILE;
if ( $outfwsettings{'POLICY'} eq 'MODE1' ) {
$outfwsettings{'STATE'} = "ALLOW";
$POLICY = "DROP";
$DO = "RETURN";
$DO = "ACCEPT";
} elsif ( $outfwsettings{'POLICY'} eq 'MODE2' ) {
$outfwsettings{'STATE'} = "DENY";
$POLICY = "ACCEPT";
@@ -93,9 +93,9 @@ if ( $outfwsettings{'POLICY'} eq 'MODE0' ) {
}
if ( $outfwsettings{'POLICY'} eq 'MODE1' ) {
$CMD = "/sbin/iptables -A OUTGOINGFW -m state --state ESTABLISHED,RELATED -j RETURN";
$CMD = "/sbin/iptables -A OUTGOINGFW -m state --state ESTABLISHED,RELATED -j ACCEPT";
if ($DEBUG) { print "$CMD\n"; } else { system("$CMD"); }
$CMD = "/sbin/iptables -A OUTGOINGFW -p icmp -j RETURN";
$CMD = "/sbin/iptables -A OUTGOINGFW -p icmp -j ACCEPT";
if ($DEBUG) { print "$CMD\n"; } else { system("$CMD"); }
}
@@ -152,21 +152,22 @@ foreach $configentry (sort @configs)
$MAC = "$configline[6]";
$CMD = "$CMD -m mac --mac-source $MAC";
}
$CMD = "$CMD -o $netsettings{'RED_DEV'}";
if ($configline[9] eq "aktiv") {
if ($DEBUG) {
print "$CMD -m state --state NEW -m limit --limit 10/minute -j LOG --log-prefix 'OUTGOINGFW '\n";
} else {
system("$CMD -m state --state NEW -m limit --limit 10/minute -j LOG --log-prefix 'OUTGOINGFW '");
}
}
if ($DEBUG) {
print "$CMD -j $DO\n";
} else {
system("$CMD -j $DO");
}
if ($configline[9] eq "log") {
if ($DEBUG) {
print "$CMD -m state --state NEW -j LOG --log-prefix 'OUTGOINGFW '\n";
} else {
system("$CMD -m state --state NEW -j LOG --log-prefix 'OUTGOINGFW '");
}
}
}
}
}
@@ -187,7 +188,7 @@ foreach $p2pentry (sort @p2ps)
$P2PSTRING = "$P2PSTRING --$p2pline[1]";
}
} else {
$DO = "RETURN";
$DO = "ACCEPT";
if ("$p2pline[2]" eq "on") {
$P2PSTRING = "$P2PSTRING --$p2pline[1]";
}
@@ -202,7 +203,7 @@ if ($P2PSTRING) {
}
if ( $outfwsettings{'POLICY'} eq 'MODE1' ) {
$CMD = "/sbin/iptables -A OUTGOINGFW -j DROP";
$CMD = "/sbin/iptables -A OUTGOINGFW -o $netsettings{'RED_DEV'} -j DROP";
if ($DEBUG) {
print "$CMD\n";
} else {