my $configfile = "/var/ipfire/outgoing/rules";
my $p2pfile = "/var/ipfire/outgoing/p2protocols";
-&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
-
### Values that have to be initialized
$outfwsettings{'ACTION'} = '';
$outfwsettings{'VALID'} = 'yes';
&General::readhash("${General::swroot}/outgoing/settings", \%outfwsettings);
&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
+$netsettings{'RED_DEV'}=`cat /var/ipfire/red/iface`;
+
open( FILE, "< $configfile" ) or die "Unable to read $configfile";
@configs = <FILE>;
close FILE;
} elsif ( $outfwsettings{'POLICY'} eq 'MODE2' ) {
$outfwsettings{'STATE'} = "DENY";
$POLICY = "ACCEPT";
- $DO = "DROP";
+ $DO = "DROP -m comment --comment 'DROP_OUTGOINGFW'";
}
### Initialize IPTables
if ($configline[9] eq "aktiv") {
if ($DEBUG) {
- print "$CMD -m state --state NEW -m limit --limit 10/minute -j LOG --log-prefix 'OUTGOINGFW '\n";
+ print "$CMD -m limit --limit 10/minute -j LOG --log-prefix 'OUTGOINGFW '\n";
} else {
- system("$CMD -m state --state NEW -m limit --limit 10/minute -j LOG --log-prefix 'OUTGOINGFW '");
+ system("$CMD -m limit --limit 10/minute -j LOG --log-prefix 'OUTGOINGFW '");
}
}
}
if ( $outfwsettings{'POLICY'} eq 'MODE1' ) {
- $CMD = "/sbin/iptables -A OUTGOINGFW -o $netsettings{'RED_DEV'} -j DROP";
+ if ( $outfwsettings{'MODE1LOG'} eq 'on' ) {
+ $CMD = "/sbin/iptables -A OUTGOINGFW -o $netsettings{'RED_DEV'} -m limit --limit 10/minute -j LOG --log-prefix 'OUTGOINGFW '";
+ if ($DEBUG) {
+ print "$CMD\n";
+ } else {
+ system("$CMD");
+ }
+ }
+
+ $CMD = "/sbin/iptables -A OUTGOINGFW -o $netsettings{'RED_DEV'} -j DROP -m comment --comment 'DROP_OUTGOINGFW'";
if ($DEBUG) {
print "$CMD\n";
} else {