rules.pl: Flush ipblocklist DROP chains.

Flush the per-blocklist DROP chains when the firewall is reloaded.
Otherwise the log rules stay in place even if logging has been
disabled in the meantime.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
This commit is contained in:
Stefan Schantl
2022-05-02 20:52:42 +02:00
parent 404b513794
commit adbd2bd6d4


@@ -742,17 +742,20 @@ sub ipblocklist () {
if(&firewall_chain_exists("${blocklist}_DROP")) {
# Create iptables chain.
run("$IPTABLES -N ${blocklist}_DROP");
# Check if logging is enabled.
if($blocklistsettings{'LOGGING'} eq "on") {
# Create logging rule.
run("$IPTABLES -A ${blocklist}_DROP -j LOG -m limit --limit 10/second --log-prefix \"BLKLST_$blocklist\" ");
}
# Create Drop rule.
run("$IPTABLES -A ${blocklist}_DROP -j DROP");
} else {
# Flush the chain.
run("$IPTABLES -F ${blocklist}_DROP");
}
# Check if logging is enabled.
if($blocklistsettings{'LOGGING'} eq "on") {
# Create logging rule.
run("$IPTABLES -A ${blocklist}_DROP -j LOG -m limit --limit 10/second --log-prefix \"BLKLST_$blocklist\" ");
}
# Create Drop rule.
run("$IPTABLES -A ${blocklist}_DROP -j DROP");
# Add the rules to check against the set
run("$IPTABLES -A BLOCKLISTIN -p ALL -i $RED_DEV -m set --match-set $blocklist src -j ${blocklist}_DROP");
run("$IPTABLES -A BLOCKLISTOUT -p ALL -o $RED_DEV -m set --match-set $blocklist dst -j ${blocklist}_DROP");
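Review bot: The new `else` branch makes the branching read inverted: the `if(&firewall_chain_exists(...))` arm creates the chain with `-N` while the `else` arm flushes it with `-F`, which is only correct if `firewall_chain_exists()` returns the iptables exit status (non-zero when the chain is missing) rather than a true/false value; the helper is not in the hunk, so I cannot confirm which it is. Either way the next reader will take this for a bug, so please document the convention above the `if`, e.g. `# firewall_chain_exists() returns the iptables exit code, so a true value means the chain does NOT exist yet.`, or negate the test so the code reads as intended. A smaller point: between the `-F` and the re-appended `-j DROP` any jump into `${blocklist}_DROP` left over from the previous ruleset lands in an empty chain and the packet returns unblocked; that is harmless only if BLOCKLISTIN/BLOCKLISTOUT were already flushed earlier in the sub, which the hunk does not show. The enclosing `sub ipblocklist` starts before and continues after this hunk.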