webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-24 09:52:58 +02:00
Code Issues Packages Projects Releases Wiki Activity

firewall-policy: fix drop and logging on red0;

Browse Source
This commit is contained in:
Arne Fitzenreiter
2014-03-29 15:06:35 +01:00
parent ea219d3a0f
commit 8089b78d9d
1 changed files with 18 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
config/firewall/firewall-policy
View File

@@ -112,11 +112,29 @@ case "${POLICY}" in
*)
if [ -n "${IFACE}" ]; then
if [ "${HAVE_BLUE}" = "true" ] && [ -n "${BLUE_DEV}" ]; then
if [ "${DROPFORWARD}" = "on" ]; then
iptables -A POLICYFWD -i "${BLUE_DEV}" ! -o "${IFACE}" -m limit --limit 10/minute -j LOG --log-prefix "DROP_FORWARD "
fi
iptables -A POLICYFWD -i "${BLUE_DEV}" ! -o "${IFACE}" -j DROP
fi
if [ "${HAVE_ORANGE}" = "true" ] && [ -n "${ORANGE_DEV}" ]; then
if [ "${DROPFORWARD}" = "on" ]; then
iptables -A POLICYFWD -i "${ORANGE_DEV}" ! -o "${IFACE}" -m limit --limit 10/minute -j LOG --log-prefix "DROP_FORWARD "
fi
iptables -A POLICYFWD -i "${ORANGE_DEV}" ! -o "${IFACE}" -j DROP
fi
if [ "${DROPFORWARD}" = "on" ]; then
iptables -A POLICYFWD -i "${IFACE}" -m limit --limit 10/minute -j LOG --log-prefix "DROP_FORWARD "
fi
iptables -A POLICYFWD -i "${IFACE}" -j DROP
if [ "${IFACE}" != "${RED_DEV}" ]; then
if [ "${DROPFORWARD}" = "on" ]; then
iptables -A POLICYFWD -i "${RED_DEV}" -m limit --limit 10/minute -j LOG --log-prefix "DROP_FORWARD "
fi
iptables -A POLICYFWD -i "${RED_DEV}" -j DROP
fi
fi
iptables -A POLICYFWD -j ACCEPT
iptables -A POLICYFWD -m comment --comment "DROP_FORWARD" -j DROP