]> git.ipfire.org Git - people/pmueller/ipfire-2.x.git/blobdiff - config/outgoingfw/outgoingfw.pl
projects / people / pmueller / ipfire-2.x.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Fixed Outgoing FW ignoring Log Option in Mode1
[people/pmueller/ipfire-2.x.git] / config / outgoingfw / outgoingfw.pl
diff --git a/config/outgoingfw/outgoingfw.pl b/config/outgoingfw/outgoingfw.pl
index 84298e4157ecd3d242ea5ee17643846f598c675e..15aaf012373870e3b065fb3fa0dd9a3f59799f11 100644 (file)
--- a/config/outgoingfw/outgoingfw.pl
+++ b/config/outgoingfw/outgoingfw.pl
@@ -46,8 +46,6 @@ my $DEBUG = 0;
 my $configfile = "/var/ipfire/outgoing/rules";
 my $p2pfile = "/var/ipfire/outgoing/p2protocols";
 
-&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
-
 ### Values that have to be initialized
 $outfwsettings{'ACTION'} = '';
 $outfwsettings{'VALID'} = 'yes';
@@ -79,6 +77,8 @@ my $DO = "";
 &General::readhash("${General::swroot}/outgoing/settings", \%outfwsettings);
 &General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
 
+$netsettings{'RED_DEV'}=`cat /var/ipfire/red/iface`;
+
 open( FILE, "< $configfile" ) or die "Unable to read $configfile";
 @configs = <FILE>;
 close FILE;
@@ -90,7 +90,7 @@ if ( $outfwsettings{'POLICY'} eq 'MODE1' ) {
 } elsif ( $outfwsettings{'POLICY'} eq 'MODE2' ) {
        $outfwsettings{'STATE'} = "DENY";
        $POLICY = "ACCEPT";
-       $DO = "DROP";
+       $DO = "DROP -m comment --comment 'DROP_OUTGOINGFW'";
 }
 
 ### Initialize IPTables
@@ -167,9 +167,9 @@ foreach $configentry (sort @configs)
 
                        if ($configline[9] eq "aktiv") {
                                if ($DEBUG) {
-                                       print "$CMD -m state --state NEW -m limit --limit 10/minute -j LOG --log-prefix 'OUTGOINGFW '\n";
+                                       print "$CMD -m limit --limit 10/minute -j LOG --log-prefix 'OUTGOINGFW '\n";
                                } else {
-                                       system("$CMD -m state --state NEW -m limit --limit 10/minute -j LOG --log-prefix 'OUTGOINGFW '");
+                                       system("$CMD -m limit --limit 10/minute -j LOG --log-prefix 'OUTGOINGFW '");
                                }
                        }
                        
@@ -213,7 +213,16 @@ if ($P2PSTRING) {
 }
 
 if ( $outfwsettings{'POLICY'} eq 'MODE1' ) {
-       $CMD = "/sbin/iptables -A OUTGOINGFW -o $netsettings{'RED_DEV'} -j DROP";
+        if ( $outfwsettings{'MODE1LOG'} eq 'on' ) {
+                       $CMD = "/sbin/iptables -A OUTGOINGFW -o $netsettings{'RED_DEV'} -m limit --limit 10/minute -j LOG --log-prefix 'OUTGOINGFW '";
+               if ($DEBUG) {
+                       print "$CMD\n";
+               } else {
+                       system("$CMD");
+               }
+        }
+
+       $CMD = "/sbin/iptables -A OUTGOINGFW -o $netsettings{'RED_DEV'} -j DROP -m comment --comment 'DROP_OUTGOINGFW'";
        if ($DEBUG) {
                print "$CMD\n";
        } else {
Peter's tree of IPFire 2.x