]> git.ipfire.org Git - people/teissler/ipfire-2.x.git/blobdiff - config/outgoingfw/outgoingfw.pl
projects / people / teissler / ipfire-2.x.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
outgoingfw: mode=1: Change policy ACCEPT -> RETURN.
[people/teissler/ipfire-2.x.git] / config / outgoingfw / outgoingfw.pl
diff --git a/config/outgoingfw/outgoingfw.pl b/config/outgoingfw/outgoingfw.pl
index 1d7dd93aa00b04abe9a27f92c8da065abb6c55f6..c4813e9df17a724d9d42ba8d91671755ff0d2177 100644 (file)
--- a/config/outgoingfw/outgoingfw.pl
+++ b/config/outgoingfw/outgoingfw.pl
@@ -91,10 +91,10 @@ close FILE;
 if ( $outfwsettings{'POLICY'} eq 'MODE1' ) {
        $outfwsettings{'STATE'} = "ALLOW";
        $POLICY = "DROP";
-       $DO = "ACCEPT";
+       $DO = "RETURN";
 } elsif ( $outfwsettings{'POLICY'} eq 'MODE2' ) {
        $outfwsettings{'STATE'} = "DENY";
-       $POLICY = "ACCEPT";
+       $POLICY = "RETURN";
        $DO = "DROP -m comment --comment 'DROP_OUTGOINGFW '";
 }
 
@@ -112,13 +112,13 @@ if ( $outfwsettings{'POLICY'} eq 'MODE0' ) {
 }
 
 if ( $outfwsettings{'POLICY'} eq 'MODE1' ) {
-       $CMD = "/sbin/iptables -A OUTGOINGFW -m state --state ESTABLISHED,RELATED -j ACCEPT";
+       $CMD = "/sbin/iptables -A OUTGOINGFW -m state --state ESTABLISHED,RELATED -j RETURN";
        if ($DEBUG) { print "$CMD\n"; } else { system("$CMD"); }
-       $CMD = "/sbin/iptables -A OUTGOINGFWMAC -m state --state ESTABLISHED,RELATED -j ACCEPT";
+       $CMD = "/sbin/iptables -A OUTGOINGFWMAC -m state --state ESTABLISHED,RELATED -j RETURN";
        if ($DEBUG) { print "$CMD\n"; } else { system("$CMD"); }
-               $CMD = "/sbin/iptables -A OUTGOINGFW -p icmp -j ACCEPT";
+               $CMD = "/sbin/iptables -A OUTGOINGFW -p icmp -j RETURN";
        if ($DEBUG) { print "$CMD\n"; } else { system("$CMD"); }
-               $CMD = "/sbin/iptables -A OUTGOINGFWMAC -p icmp -j ACCEPT";
+               $CMD = "/sbin/iptables -A OUTGOINGFWMAC -p icmp -j RETURN";
        if ($DEBUG) { print "$CMD\n"; } else { system("$CMD"); }
 }
 
@@ -260,7 +260,7 @@ foreach $p2pentry (sort @p2ps)
                        $P2PSTRING = "$P2PSTRING --$p2pline[1]";
                }
        } else {
-               $DO = "ACCEPT";
+               $DO = "RETURN";
                if ("$p2pline[2]" eq "on") {
                        $P2PSTRING = "$P2PSTRING --$p2pline[1]";
                }
@@ -290,4 +290,4 @@ if ( $outfwsettings{'POLICY'} eq 'MODE1' ) {
        } else {
                system("$CMD");
        }
-}
\ No newline at end of file
+}
Timo's tree of IPFire 2.x