Merge branch 'master' into next

2026-04-09 18:45:54 +02:00 · 2020-10-14 10:35:41 +00:00
parent 64c8811dee c69c820025
commit cbd0df20ed
2 changed files with 18 additions and 0 deletions
--- a/config/firewall/rules.pl
+++ b/config/firewall/rules.pl
@@ -48,6 +48,13 @@ my @PROTOCOLS_WITH_PORTS = ("tcp", "udp");

 my @VALID_TARGETS = ("ACCEPT", "DROP", "REJECT");

+my @PRIVATE_NETWORKS = (
+	"10.0.0.0/8",
+	"172.16.0.0/12",
+	"192.168.0.0/16",
+	"100.64.0.0/10",
+);
+
 my %fwdfwsettings=();
 my %fwoptions = ();
 my %defaultNetworks=();
@@ -621,6 +628,16 @@ sub locationblock {
 		return;
 	}

+	# Only check the RED interface
+	if ($defaultNetworks{'RED_DEV'} ne "") {
+		run("$IPTABLES -A LOCATIONBLOCK ! -i $defaultNetworks{'RED_DEV'} -j RETURN");
+	}
+
+	# Do not check any private address space
+	foreach my $network (@PRIVATE_NETWORKS) {
+		run("$IPTABLES -A LOCATIONBLOCK -s $network -j RETURN");
+	}
+
 	# Loop through all supported locations and
 	# create iptables rules, if blocking for this country
 	# is enabled.
--- a/config/rootfiles/oldcore/151/filelists/files
+++ b/config/rootfiles/oldcore/151/filelists/files
@@ -10,6 +10,7 @@ srv/web/ipfire/cgi-bin/ipinfo.cgi
 srv/web/ipfire/cgi-bin/pakfire.cgi
 srv/web/ipfire/cgi-bin/vpnmain.cgi
 usr/bin/probenic.sh
+usr/lib/firewall/rules.pl
 usr/local/bin/ipsecctrl
 var/ipfire/general-functions.pl
 var/ipfire/langs