firewall-policy: fix drop and logging on red0;

This commit is contained in:
Arne Fitzenreiter
2014-03-29 15:06:35 +01:00
parent ea219d3a0f
commit 8089b78d9d


@@ -112,11 +112,29 @@ case "${POLICY}" in
*)
if [ -n "${IFACE}" ]; then
if [ "${HAVE_BLUE}" = "true" ] && [ -n "${BLUE_DEV}" ]; then
if [ "${DROPFORWARD}" = "on" ]; then
iptables -A POLICYFWD -i "${BLUE_DEV}" ! -o "${IFACE}" -m limit --limit 10/minute -j LOG --log-prefix "DROP_FORWARD "
fi
iptables -A POLICYFWD -i "${BLUE_DEV}" ! -o "${IFACE}" -j DROP
fi
if [ "${HAVE_ORANGE}" = "true" ] && [ -n "${ORANGE_DEV}" ]; then
if [ "${DROPFORWARD}" = "on" ]; then
iptables -A POLICYFWD -i "${ORANGE_DEV}" ! -o "${IFACE}" -m limit --limit 10/minute -j LOG --log-prefix "DROP_FORWARD "
fi
iptables -A POLICYFWD -i "${ORANGE_DEV}" ! -o "${IFACE}" -j DROP
fi
if [ "${DROPFORWARD}" = "on" ]; then
iptables -A POLICYFWD -i "${IFACE}" -m limit --limit 10/minute -j LOG --log-prefix "DROP_FORWARD "
fi
iptables -A POLICYFWD -i "${IFACE}" -j DROP
if [ "${IFACE}" != "${RED_DEV}" ]; then
if [ "${DROPFORWARD}" = "on" ]; then
iptables -A POLICYFWD -i "${RED_DEV}" -m limit --limit 10/minute -j LOG --log-prefix "DROP_FORWARD "
fi
iptables -A POLICYFWD -i "${RED_DEV}" -j DROP
fi
fi
iptables -A POLICYFWD -j ACCEPT
iptables -A POLICYFWD -m comment --comment "DROP_FORWARD" -j DROP