webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-24 09:52:58 +02:00
Code Issues Packages Projects Releases Wiki Activity

Forward Firewall: replaced Outgoing-Logging with ForwardFW Logging. And changed Options in optionsfw.cgi from outgoing to forward

Browse Source
This commit is contained in:
Alexander Marx
2013-01-03 17:30:11 +01:00
committed by Michael Tremer
parent e534554162
commit 6be0579b18
2 changed files with 18 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
html/cgi-bin/optionsfw.cgi
View File

@@ -30,7 +30,7 @@ our %settings=();
$settings{'DISABLEPING'} = 'NO';
$settings{'DROPNEWNOTSYN'} = 'on';
$settings{'DROPINPUT'} = 'on';
$settings{'DROPOUTPUT'} = 'on';
$settings{'DROPFORWARD'} = 'on';
$settings{'DROPPORTSCAN'} = 'on';
$settings{'DROPWIRELESSINPUT'} = 'on';
$settings{'DROPWIRELESSFORWARD'} = 'on';
@@ -66,9 +66,9 @@ $checked{'DROPNEWNOTSYN'}{$settings{'DROPNEWNOTSYN'}} = "checked='checked'";
$checked{'DROPINPUT'}{'off'} = '';
$checked{'DROPINPUT'}{'on'} = '';
$checked{'DROPINPUT'}{$settings{'DROPINPUT'}} = "checked='checked'";
$checked{'DROPOUTPUT'}{'off'} = '';
$checked{'DROPOUTPUT'}{'on'} = '';
$checked{'DROPOUTPUT'}{$settings{'DROPOUTPUT'}} = "checked='checked'";
$checked{'DROPFORWARD'}{'off'} = '';
$checked{'DROPFORWARD'}{'on'} = '';
$checked{'DROPFORWARD'}{$settings{'DROPFORWARD'}} = "checked='checked'";
$checked{'DROPPORTSCAN'}{'off'} = '';
$checked{'DROPPORTSCAN'}{'on'} = '';
$checked{'DROPPORTSCAN'}{$settings{'DROPPORTSCAN'}} = "checked='checked'";
@@ -96,8 +96,8 @@ print <<END
<input type='radio' name='DROPNEWNOTSYN' value='off' $checked{'DROPNEWNOTSYN'}{'off'} /> off</td></tr>
<tr><td align='left' width='60%'>$Lang::tr{'drop input'}</td><td align='left'>on <input type='radio' name='DROPINPUT' value='on' $checked{'DROPINPUT'}{'on'} />/
<input type='radio' name='DROPINPUT' value='off' $checked{'DROPINPUT'}{'off'} /> off</td></tr>
<tr><td align='left' width='60%'>$Lang::tr{'drop output'}</td><td align='left'>on <input type='radio' name='DROPOUTPUT' value='on' $checked{'DROPOUTPUT'}{'on'} />/
<input type='radio' name='DROPOUTPUT' value='off' $checked{'DROPOUTPUT'}{'off'} /> off</td></tr>
<tr><td align='left' width='60%'>$Lang::tr{'drop forward'}</td><td align='left'>on <input type='radio' name='DROPFORWARD' value='on' $checked{'DROPFORWARD'}{'on'} />/
<input type='radio' name='DROPFORWARD' value='off' $checked{'DROPFORWARD'}{'off'} /> off</td></tr>
<tr><td align='left' width='60%'>$Lang::tr{'drop portscan'}</td><td align='left'>on <input type='radio' name='DROPPORTSCAN' value='on' $checked{'DROPPORTSCAN'}{'on'} />/
<input type='radio' name='DROPPORTSCAN' value='off' $checked{'DROPPORTSCAN'}{'off'} /> off</td></tr>
<tr><td align='left' width='60%'>$Lang::tr{'drop wirelessinput'}</td><td align='left'>on <input type='radio' name='DROPWIRELESSINPUT' value='on' $checked{'DROPWIRELESSINPUT'}{'on'} />/

13
src/initscripts/init.d/firewall
View File

@@ -287,6 +287,13 @@ case "$1" in
/sbin/iptables -A FORWARD -m limit --limit 10/minute -j LOG --log-prefix "DROP_OUTPUT "
fi
/sbin/iptables -A FORWARD -j DROP -m comment --comment "DROP_OUTPUT"
if [ "$DROPFORWARD" == "on" ]; then
/sbin/iptables -A FORWARDFW -m limit --limit 10/minute -j LOG --log-prefix "DROP_FORWARDFW "
fi
/sbin/iptables -A FORWARDFW -j DROP -m comment --comment "DROP_FORWARDFW"
;;
startovpn)
# run openvpn
@@ -323,7 +330,11 @@ case "$1" in
/sbin/iptables -A FORWARD -m limit --limit 10/minute -j LOG --log-prefix "DROP_OUTPUT "
fi
/sbin/iptables -A FORWARD -j DROP -m comment --comment "DROP_OUTPUT"
;;
if [ "$DROPFORWARD" == "on" ]; then
/sbin/iptables -A FORWARDFW -m limit --limit 10/minute -j LOG --log-prefix "DROP_FORWARDFW "
fi
/sbin/iptables -A FORWARDFW -j DROP -m comment --comment "DROP_FORWARDFW"
;;
stopovpn)
# stop openvpn
/usr/local/bin/openvpnctrl --delete-chains-and-rules