Forward Firewall: fixed wrong log Entries INPUT_DROP when connected via Web or ssh

Alexander Marx
2013-05-07 12:02:17 +02:00
committed by Michael Tremer
parent cb61489891
commit c400fe4c84


@@ -267,6 +267,16 @@ case "$1" in
/etc/sysconfig/firewall.local start
fi
/sbin/iptables -A INPUT -j DROP -m comment --comment "DROP_INPUT_a"
if [ "$DROPINPUT" == "on" ]; then
/sbin/iptables -A INPUT -m limit --limit 10/minute -j LOG --log-prefix "DROP_INPUT_b"
fi
if [ "$DROPFORWARD" == "on" ]; then
/sbin/iptables -A FORWARD -m limit --limit 10/minute -j LOG --log-prefix "DROP_FORWARD"
fi
/sbin/iptables -A FORWARD -j DROP -m comment --comment "DROP_FORWARD"
#POLICY CHAIN
/sbin/iptables -N POLICYIN
/sbin/iptables -A INPUT -j POLICYIN
@@ -303,12 +313,14 @@ case "$1" in
if [ -x /etc/sysconfig/firewall.local ]; then
/etc/sysconfig/firewall.local stop
fi
/sbin/iptables -A INPUT -j DROP -m comment --comment "DROP_INPUT"
if [ "$DROPINPUT" == "on" ]; then
/sbin/iptables -A INPUT -m limit --limit 10/minute -j LOG --log-prefix "DROP_INPUT "
/sbin/iptables -A INPUT -m limit --limit 10/minute -j LOG --log-prefix "DROP_INPUT"
fi
if [ "$DROPFORWARD" == "on" ]; then
/sbin/iptables -A FORWARD -m limit --limit 10/minute -j LOG --log-prefix "DROP_FORWARD "
/sbin/iptables -A FORWARD -m limit --limit 10/minute -j LOG --log-prefix "DROP_FORWARD"
fi
/sbin/iptables -A FORWARD -j DROP -m comment --comment "DROP_FORWARD"
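Review bot: In both hunks the INPUT chain gets its unconditional `-j DROP` rule (comment "DROP_INPUT_a" in the first hunk, "DROP_INPUT" in the second) appended before the rate-limited LOG rule, so with `-A` ordering the LOG rule under `$DROPINPUT` can never match and dropped input traffic goes unlogged; FORWARD is done the other way round, LOG first and DROP last. If these lines are all on the new side (the page has lost its +/- markers, so this is inferred), move the INPUT DROP below the `fi` of the `DROPINPUT` block, mirroring FORWARD. In the first hunk `-A INPUT -j POLICYIN` also follows that DROP and would be unreachable for the same reason. The log prefixes appear to lose their trailing space (`"DROP_INPUT"` rather than `"DROP_INPUT "`), which makes the kernel log line run the prefix straight into `IN=`; keeping the space, e.g. `--log-prefix "DROP_INPUT "`, keeps the entries easy to parse. The surrounding `case "$1" in` branches start and end outside the hunks.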