Forward firewall: commented out the line in init.d/firewall that allows all forward traffic from green and moved it to rules.pl. rules.pl now allows this traffic when the firewall is set to Mode0 or Mode2

This commit is contained in:
Alexander Marx
2013-01-08 11:20:39 +01:00
committed by Michael Tremer
parent c0ec19967e
commit fd10a52ca2
4 changed files with 13 additions and 17 deletions


@@ -211,7 +211,7 @@ case "$1" in
/sbin/iptables -A FORWARD -s 127.0.0.0/8 -m state --state NEW -j DROP
/sbin/iptables -A FORWARD -d 127.0.0.0/8 -m state --state NEW -j DROP
/sbin/iptables -A INPUT -i $GREEN_DEV -m state --state NEW -j ACCEPT ! -p icmp
/sbin/iptables -A FORWARD -i $GREEN_DEV -m state --state NEW -j ACCEPT
#/sbin/iptables -A FORWARD -i $GREEN_DEV -m state --state NEW -j ACCEPT
# If a host on orange tries to initiate a connection to IPFire's red IP and
# the connection gets DNATed back through a port forward to a server on orange
@@ -283,18 +283,12 @@ case "$1" in
/sbin/iptables -A INPUT -m limit --limit 10/minute -j LOG --log-prefix "DROP_INPUT "
fi
/sbin/iptables -A INPUT -j DROP -m comment --comment "DROP_INPUT"
if [ "$DROPOUTPUT" == "on" ]; then
/sbin/iptables -A FORWARD -m limit --limit 10/minute -j LOG --log-prefix "DROP_OUTPUT "
fi
/sbin/iptables -A FORWARD -j DROP -m comment --comment "DROP_OUTPUT"
if [ "$DROPFORWARD" == "on" ]; then
/sbin/iptables -A FORWARDFW -m limit --limit 10/minute -j LOG --log-prefix "DROP_FORWARDFW "
/sbin/iptables -A FORWARD -m limit --limit 10/minute -j LOG --log-prefix "DROP_FORWARD "
fi
/sbin/iptables -A FORWARDFW -j DROP -m comment --comment "DROP_FORWARDFW"
/sbin/iptables -A FORWARD -j DROP -m comment --comment "DROP_FORWARD"
;;
;;
startovpn)
# run openvpn
/usr/local/bin/openvpnctrl --create-chains-and-rules
@@ -326,14 +320,14 @@ case "$1" in
/sbin/iptables -A INPUT -m limit --limit 10/minute -j LOG --log-prefix "DROP_INPUT "
fi
/sbin/iptables -A INPUT -j DROP -m comment --comment "DROP_INPUT"
if [ "$DROPOUTPUT" == "on" ]; then
/sbin/iptables -A FORWARD -m limit --limit 10/minute -j LOG --log-prefix "DROP_OUTPUT "
fi
/sbin/iptables -A FORWARD -j DROP -m comment --comment "DROP_OUTPUT"
#if [ "$DROPOUTPUT" == "on" ]; then
# /sbin/iptables -A FORWARD -m limit --limit 10/minute -j LOG --log-prefix "DROP_OUTPUT "
#fi
#/sbin/iptables -A FORWARD -j DROP -m comment --comment "DROP_OUTPUT"
if [ "$DROPFORWARD" == "on" ]; then
/sbin/iptables -A FORWARDFW -m limit --limit 10/minute -j LOG --log-prefix "DROP_FORWARDFW "
fi
/sbin/iptables -A FORWARDFW -j DROP -m comment --comment "DROP_FORWARDFW"
/sbin/iptables -A FORWARDFW -j DROP -m comment --comment "DROP_FORWARDFW-oberdropper"
;;
stopovpn)
# stop openvpn
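Review bot: After this change the FORWARD chain in the arm at `@@ -326` no longer ends in an explicit DROP, because the `DROP_OUTPUT` log-and-drop block is commented out on the new side and the only terminal rules left there target FORWARDFW; unless the chain policy is set to DROP outside these hunks, packets that match no rule are now decided by that default policy, which I cannot see from here. The arm at `@@ -283` appears to lose the same rules (six deletions, no additions), and it also ends with two consecutive `;;`, which bash rejects as an empty case item if both survive on the new side. Consider a comment at the former DROP position, e.g. `# FORWARD falls through to the chain policy; the per-mode ACCEPT for green now lives in rules.pl`, and deleting the commented-out block rather than keeping it in place, since the commit message already records the move. The FORWARDFW DROP line whose comment carries the `-oberdropper` suffix looks like a debugging marker; whichever of the two FORWARDFW lines is the new one should keep a meaningful `--comment` value. The case arms begin outside the hunks.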