From 93dd405fb0871b374fb98e89eacdfdad663ec9d9 Mon Sep 17 00:00:00 2001
From: Michael Tremer
Date: Sat, 11 Dec 2010 01:27:26 +0100
Subject: [PATCH 1/2] fireinfo: Update to 0.7.

---
 lfs/fireinfo | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lfs/fireinfo b/lfs/fireinfo
index 8736ba10f..8d45d6bcc 100644
--- a/lfs/fireinfo
+++ b/lfs/fireinfo
@@ -24,7 +24,7 @@ include Config
-VER = 0.6
+VER = 0.7
 THISAPP = fireinfo-$(VER)
 DL_FILE = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = cc977df8dbe149be184c27105c879116
+$(DL_FILE)_MD5 = a0575923a1719be9ff75fb0bbc8d50eb
 install : $(TARGET)

From b2eb5b07826d590319dd81e5d5b9506543ef3507 Mon Sep 17 00:00:00 2001
From: Arne Fitzenreiter
Date: Sat, 11 Dec 2010 10:01:27 +0100
Subject: [PATCH 2/2] Handle loopback on input before NEW,NOTSYN check.
 Many programs like squid/squidguard spam the log without this.

---
 src/initscripts/init.d/firewall | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/initscripts/init.d/firewall b/src/initscripts/init.d/firewall
index fea8d87e8..88889a4c2 100644
--- a/src/initscripts/init.d/firewall
+++ b/src/initscripts/init.d/firewall
@@ -188,10 +188,10 @@ case "$1" in
 /sbin/iptables -A FORWARD -j OUTGOINGFW
 # localhost and ethernet.
- /sbin/iptables -A INPUT -i lo -m state --state NEW -j ACCEPT
+ /sbin/iptables -I INPUT 1 -i lo -s 127.0.0.0/8 -d 127.0.0.0/8 -m state --state NEW -j ACCEPT
 /sbin/iptables -A INPUT -s 127.0.0.0/8 -m state --state NEW -j DROP # Loopback not on lo
 /sbin/iptables -A INPUT -d 127.0.0.0/8 -m state --state NEW -j DROP
- /sbin/iptables -A FORWARD -i lo -m state --state NEW -j ACCEPT
+ /sbin/iptables -A FORWARD -i lo -s 127.0.0.0/8 -d 127.0.0.0/8 -m state --state NEW -j ACCEPT
 /sbin/iptables -A FORWARD -s 127.0.0.0/8 -m state --state NEW -j DROP
 /sbin/iptables -A FORWARD -d 127.0.0.0/8 -m state --state NEW -j DROP
 /sbin/iptables -A INPUT -i $GREEN_DEV -m state --state NEW -j ACCEPT ! -p icmp
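Review bot: The added INPUT rule accepts loopback traffic only when both `-s` and `-d` fall in 127.0.0.0/8, whereas the rule it replaces accepted every NEW packet arriving on `-i lo`; a local process talking to one of the box's own non-loopback addresses also traverses lo with that address as source and destination, so such connections no longer match here and fall through to the rest of the chain, where no rule visible in the hunk accepts `-i lo`. If that narrowing is deliberate it should be stated in a comment; if not, `/sbin/iptables -I INPUT 1 -i lo -m state --state NEW -j ACCEPT` keeps the head-of-chain placement the commit is after while preserving the old coverage, since the `-i lo` match already excludes anything that arrived on a physical interface. Either way the `# localhost and ethernet.` comment no longer explains why this one rule is inserted at position 1 while its neighbours are appended; I would extend it to `# Inserted at the head of INPUT so loopback is accepted before the NEW,NOTSYN check (otherwise squid/squidguard fill the log).` The FORWARD rule is narrowed the same way, though forwarded traffic on lo is unusual and the practical effect is probably nil. The enclosing `case` branch starts and ends outside the hunk.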