firewall: Filter only on RED and exclude any private address space

Since libloc is built as a tree we cannot simply exclude any address space in the middle of it. Therefore we create some firewall rules which simply avoid checking non-globally routable address space. Fixes: #12499 Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2026-05-01 07:50:23 +02:00 · 2020-10-14 11:32:05 +01:00
parent 642557e23b
commit c69c820025
2 changed files with 18 additions and 0 deletions
--- a/config/rootfiles/core/151/filelists/files
+++ b/config/rootfiles/core/151/filelists/files
@@ -10,6 +10,7 @@ srv/web/ipfire/cgi-bin/ipinfo.cgi
 srv/web/ipfire/cgi-bin/pakfire.cgi
 srv/web/ipfire/cgi-bin/vpnmain.cgi
 usr/bin/probenic.sh
+usr/lib/firewall/rules.pl
 usr/local/bin/ipsecctrl
 var/ipfire/general-functions.pl
 var/ipfire/langs