firewall: Add more rules to input/output when adding rules to forward

The special_input/output_targets array assumed that firewall access
will always be denied. However, rules also need to be created when
access is granted. Therefore the ACCEPT target needs to be included
in this list and rules must be created in INPUTFW/OUTGOINGFW too
when ACCEPT rules are created in FORWARDFW.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer
2019-04-30 10:45:34 +01:00
parent 68e0cf6714
commit ae93dd3deb


@@ -175,9 +175,9 @@ sub buildrules {
}
if ($POLICY_INPUT_ACTION eq "DROP") {
push(@special_input_targets, "REJECT");
push(@special_input_targets, ("ACCEPT", "REJECT"));
} elsif ($POLICY_INPUT_ACTION eq "REJECT") {
push(@special_input_targets, "DROP");
push(@special_input_targets, ("ACCEPT", "DROP"));
}
my @special_output_targets = ();
@@ -187,9 +187,9 @@ sub buildrules {
push(@special_output_targets, "ACCEPT");
if ($POLICY_OUTPUT_ACTION eq "DROP") {
push(@special_output_targets, "REJECT");
push(@special_output_targets, ("ACCEPT", "REJECT"));
} elsif ($POLICY_OUTPUT_ACTION eq "REJECT") {
push(@special_output_targets, "DROP");
push(@special_output_targets, ("ACCEPT", "DROP"));
}
}
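Review bot: In the output section, `push(@special_output_targets, "ACCEPT");` already appears as unchanged context just above `if ($POLICY_OUTPUT_ACTION eq "DROP")`, so the new `("ACCEPT", "REJECT")` and `("ACCEPT", "DROP")` pushes put ACCEPT into @special_output_targets a second time on that path. Whether the duplicate is harmless depends on how the array is consumed later in buildrules, which starts and ends outside these hunks; if it is only a membership test, the single-target pushes would have been equivalent there, and if it is iterated to emit rules it could produce duplicates. Because listing ACCEPT means allow rules created in FORWARDFW are now also written to INPUTFW/OUTGOINGFW, which widens access to the firewall itself, both blocks deserve a comment such as `# ACCEPT is listed so allow rules are mirrored into INPUTFW/OUTGOINGFW too; this affects traffic to and from the firewall itself`. It is also worth confirming that the mirroring only applies to rules whose source or destination is the firewall, since that condition is not visible here.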