###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2005-2010 IPFire Team #
+# Copyright (C) 2007-2011 IPFire Team #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
#use warnings;
require '/var/ipfire/general-functions.pl';
+require "${General::swroot}/lang.pl";
my %outfwsettings = ();
my %checked = ();
my $DPORT = "";
my $DEV = "";
my $MAC = "";
-my $POLICY = "";
my $DO = "";
my $DAY = "";
if ( $outfwsettings{'POLICY'} eq 'MODE1' ) {
$outfwsettings{'STATE'} = "ALLOW";
- $POLICY = "DROP";
- $DO = "ACCEPT";
+ $DO = "RETURN";
} elsif ( $outfwsettings{'POLICY'} eq 'MODE2' ) {
$outfwsettings{'STATE'} = "DENY";
- $POLICY = "ACCEPT";
$DO = "DROP -m comment --comment 'DROP_OUTGOINGFW '";
}
}
if ( $outfwsettings{'POLICY'} eq 'MODE1' ) {
- $CMD = "/sbin/iptables -A OUTGOINGFW -m state --state ESTABLISHED,RELATED -j ACCEPT";
+ $CMD = "/sbin/iptables -A OUTGOINGFW -m state --state ESTABLISHED,RELATED -j RETURN";
if ($DEBUG) { print "$CMD\n"; } else { system("$CMD"); }
- $CMD = "/sbin/iptables -A OUTGOINGFWMAC -m state --state ESTABLISHED,RELATED -j ACCEPT";
+ $CMD = "/sbin/iptables -A OUTGOINGFWMAC -m state --state ESTABLISHED,RELATED -j RETURN";
if ($DEBUG) { print "$CMD\n"; } else { system("$CMD"); }
- $CMD = "/sbin/iptables -A OUTGOINGFW -p icmp -j ACCEPT";
+ $CMD = "/sbin/iptables -A OUTGOINGFW -p icmp -j RETURN";
if ($DEBUG) { print "$CMD\n"; } else { system("$CMD"); }
- $CMD = "/sbin/iptables -A OUTGOINGFWMAC -p icmp -j ACCEPT";
+ $CMD = "/sbin/iptables -A OUTGOINGFWMAC -p icmp -j RETURN";
if ($DEBUG) { print "$CMD\n"; } else { system("$CMD"); }
}
foreach $SOURCE (@SOURCE) {
$SOURCE =~ s/\s//gi;
- if ( $SOURCE eq "" ){next;}
+ if ( $SOURCE eq "" || $configline[1] eq "" ){next;}
if ( ( $configline[6] ne "" || $configline[2] eq 'mac' ) && $configline[2] ne 'all'){
$SOURCE =~ s/[^a-zA-Z0-9]/:/gi;
}
if ($configline[17] && $configline[18]) {
+ $DAY = "";
if ($configline[10]){$DAY = "Mon,"}
if ($configline[11]){$DAY .= "Tue,"}
if ($configline[12]){$DAY .= "Wed,"}
$CMD = "$CMD -o $netsettings{'RED_DEV'}";
- if ($configline[9] eq "aktiv") {
+ if ( $configline[9] eq $Lang::tr{'aktiv'} && $outfwsettings{'POLICY'} eq 'MODE1' ) {
+ if ($DEBUG) {
+ print "$CMD -m limit --limit 10/minute -j LOG --log-prefix 'LOG_OUTGOINGFW '\n";
+ } else {
+ system("$CMD -m limit --limit 10/minute -j LOG --log-prefix 'LOG_OUTGOINGFW '");
+ }
+ } elsif ( $configline[9] eq $Lang::tr{'aktiv'} && $outfwsettings{'POLICY'} eq 'MODE2' ) {
if ($DEBUG) {
print "$CMD -m limit --limit 10/minute -j LOG --log-prefix 'DROP_OUTGOINGFW '\n";
} else {
$P2PSTRING = "$P2PSTRING --$p2pline[1]";
}
} else {
- $DO = "ACCEPT";
+ $DO = "RETURN";
if ("$p2pline[2]" eq "on") {
$P2PSTRING = "$P2PSTRING --$p2pline[1]";
}
} else {
system("$CMD");
}
-}
\ No newline at end of file
+}