From: Alexander Marx
Date: Tue, 7 May 2013 10:02:17 +0000 (+0200)
Subject: Forward Firewall: fixed wrong log Entries INPUT_DROP when connected via Web or ssh
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c400fe4c84dbb3c32e38d961f24275b29bc73d8f;hp=cb6148989124a4df35fe4ab256b03106a5121357;p=people%2Fteissler%2Fipfire-2.x.git

Forward Firewall: fixed wrong log Entries INPUT_DROP when connected via Web or ssh
---

diff --git a/src/initscripts/init.d/firewall b/src/initscripts/init.d/firewall
index ca1834051..183ff5ba2 100644
--- a/src/initscripts/init.d/firewall
+++ b/src/initscripts/init.d/firewall
@@ -267,6 +267,16 @@ case "$1" in
 /etc/sysconfig/firewall.local start
 fi
+ /sbin/iptables -A INPUT -j DROP -m comment --comment "DROP_INPUT_a"
+
+ if [ "$DROPINPUT" == "on" ]; then
+ /sbin/iptables -A INPUT -m limit --limit 10/minute -j LOG --log-prefix "DROP_INPUT_b"
+ fi
+ if [ "$DROPFORWARD" == "on" ]; then
+ /sbin/iptables -A FORWARD -m limit --limit 10/minute -j LOG --log-prefix "DROP_FORWARD"
+ fi
+ /sbin/iptables -A FORWARD -j DROP -m comment --comment "DROP_FORWARD"
+ #POLICY CHAIN
 /sbin/iptables -N POLICYIN
 /sbin/iptables -A INPUT -j POLICYIN
@@ -303,12 +313,14 @@ case "$1" in
 if [ -x /etc/sysconfig/firewall.local ]; then
 /etc/sysconfig/firewall.local stop
 fi
+ /sbin/iptables -A INPUT -j DROP -m comment --comment "DROP_INPUT"
+
 if [ "$DROPINPUT" == "on" ]; then
- /sbin/iptables -A INPUT -m limit --limit 10/minute -j LOG --log-prefix "DROP_INPUT "
+ /sbin/iptables -A INPUT -m limit --limit 10/minute -j LOG --log-prefix "DROP_INPUT"
 fi
 if [ "$DROPFORWARD" == "on" ]; then
- /sbin/iptables -A FORWARD -m limit --limit 10/minute -j LOG --log-prefix "DROP_FORWARD "
+ /sbin/iptables -A FORWARD -m limit --limit 10/minute -j LOG --log-prefix "DROP_FORWARD"
 fi
 /sbin/iptables -A FORWARD -j DROP -m comment --comment "DROP_FORWARD"
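Review bot: In the first hunk the unconditional `-A INPUT -j DROP` is appended before the `DROPINPUT` LOG rule and before the context line `-A INPUT -j POLICYIN`, and because a chain is evaluated in order and DROP ends traversal, neither later rule can match. With `DROPINPUT=on` the firewall would then record no dropped inbound packets, which removes the visibility the option exists to provide; the FORWARD rules in the same hunk use the working order, LOG first and DROP last. Unless other rules are inserted ahead of these elsewhere in the script, move the DROP to after the `fi` that closes the `DROPINPUT` block, and after the POLICYIN jump if that chain is meant to be consulted. The second hunk adds `-A INPUT -j DROP` ahead of its LOG rule in the same way; the enclosing `case` branch starts and ends outside both hunks.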
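Review bot: Removing the trailing space from `--log-prefix "DROP_INPUT "` and `"DROP_FORWARD "` in the second hunk makes the kernel write the prefix directly against the first field, e.g. `DROP_INPUTIN=...`, since the LOG target adds no separator of its own. Log viewers or detection rules that split on whitespace or match on `DROP_INPUT ` may stop recognising these entries. Keep the space, as in `--log-prefix "DROP_INPUT "`; the prefixes added in the first hunk (`"DROP_INPUT_b"`, `"DROP_FORWARD"`) have the same issue.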