Forward Firewall: fixed 12 Bugs from forum.

1) Added more possible chars in remark: : / . 2) Added "Internet" to std networks to be able to define internetaccess 3) When renaming a custom address, the firewallrules get updated 4) Ports are now ignored when using GRE as Protocol 5) When saving a customservice, the cursor is now in first textfield 6) Added a customservices file to installation with predefined services 7) Added ESP as protocol 8) Fixed counterproblem 9) Dropdownboxes for customservices and groups now sorted 10) Firewallrules now sorted in right order 11) fixed a Bug when defining manual address in source and target, the hint message is no longer displayed 12) When defining an external access rule, the last forwardrule was deleted
2026-04-24 18:03:06 +02:00 · 2013-01-09 10:22:32 +01:00
parent af8bc0d0a8
commit 62fc851166
14 changed files with 224 additions and 1488 deletions
--- a/src/initscripts/init.d/firewall
+++ b/src/initscripts/init.d/firewall
@@ -226,12 +226,6 @@ case "$1" in
 	/sbin/iptables -N OPENSSLPHYSICAL
 	/sbin/iptables -A INPUT -j OPENSSLPHYSICAL

-	# WIRELESS chains
-	/sbin/iptables -N WIRELESSINPUT
-	/sbin/iptables -A INPUT -m state --state NEW -j WIRELESSINPUT
-	/sbin/iptables -N WIRELESSFORWARD
-	/sbin/iptables -A FORWARD -m state --state NEW -j WIRELESSFORWARD
-
 	# RED chain, used for the red interface
 	/sbin/iptables -N REDINPUT
 	/sbin/iptables -A INPUT -j REDINPUT
@@ -283,11 +277,16 @@ case "$1" in
 		/sbin/iptables -A INPUT -m limit --limit 10/minute -j LOG --log-prefix "DROP_INPUT "
 	fi
 	/sbin/iptables -A INPUT -j DROP -m comment --comment "DROP_INPUT"
-	if [ "$DROPFORWARD" == "on" ]; then
-		/sbin/iptables -A FORWARD -m limit --limit 10/minute -j LOG --log-prefix "DROP_FORWARD "
-	fi
-	/sbin/iptables -A FORWARD -j DROP -m comment --comment "DROP_FORWARD"
+	#if [ "$DROPFORWARD" == "on" ]; then
+	#	/sbin/iptables -A FORWARD -m limit --limit 10/minute -j LOG --log-prefix "DROP_FORWARD "
+	#fi
+	#/sbin/iptables -A FORWARD -j DROP -m comment --comment "DROP_FORWARD"
 	
+	#POLICY CHAIN
+	/sbin/iptables -N POLICY
+	/sbin/iptables -A FORWARD -j POLICY
+	
+	/usr/sbin/firewall-forward-policy
 	;;
  startovpn)  
 	# run openvpn
@@ -320,14 +319,10 @@ case "$1" in
 		/sbin/iptables -A INPUT   -m limit --limit 10/minute -j LOG --log-prefix "DROP_INPUT "
 	fi
 	/sbin/iptables -A INPUT -j DROP -m comment --comment "DROP_INPUT"
-	#if [ "$DROPOUTPUT" == "on" ]; then
-	#	/sbin/iptables -A FORWARD -m limit --limit 10/minute -j LOG --log-prefix "DROP_OUTPUT "
-	#fi
-	#/sbin/iptables -A FORWARD -j DROP -m comment --comment "DROP_OUTPUT"
 	if [ "$DROPFORWARD" == "on" ]; then
-		/sbin/iptables -A FORWARDFW -m limit --limit 10/minute -j LOG --log-prefix "DROP_FORWARDFW "
+		/sbin/iptables -A FORWARD -m limit --limit 10/minute -j LOG --log-prefix "DROP_FORWARD "
 	fi
-	/sbin/iptables -A FORWARDFW -j DROP -m comment --comment "DROP_FORWARDFW-oberdropper"
+	/sbin/iptables -A FORWARD -j DROP -m comment --comment "DROP_FORWARD"
 	;;
  stopovpn)
 	# stop openvpn