Merge branch 'master' of ssh://arne_f@ipfire.org/pub/git/ipfire-2.x
index a20e34da30fda9f8a06972d1d8e044605c759bda..5344ae35661e23ef1e555c1f0515ece64e35c416 100644 (file)
@@ -1,3 +1,4 @@
+#!/usr/bin/perl
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
@@ -45,8 +46,6 @@ my $DEBUG = 0;
 my $configfile = "/var/ipfire/outgoing/rules";
 my $p2pfile = "/var/ipfire/outgoing/p2protocols";
 
-&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
-
 ### Values that have to be initialized
 $outfwsettings{'ACTION'} = '';
 $outfwsettings{'VALID'} = 'yes';
@@ -78,6 +77,8 @@ my $DO = "";
 &General::readhash("${General::swroot}/outgoing/settings", \%outfwsettings);
 &General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
 
+$netsettings{'RED_DEV'}=`cat /var/ipfire/red/iface`;
+
 open( FILE, "< $configfile" ) or die "Unable to read $configfile";
 @configs = <FILE>;
 close FILE;
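Review bot: The new RED_DEV assignment on the added line shells out to `cat` and keeps the raw file contents, so any trailing newline the file carries ends up inside the interface argument, and when /var/ipfire/red/iface does not exist (RED not up) the backticks yield an empty string that silently overwrites the value just loaded from ethernet/settings on the line above. Every later `-o $netsettings{'RED_DEV'}` rule would then be malformed and, as far as the visible hunks show, nothing checks the exit status of those iptables calls, so the outgoing policy would not be installed. I would read the file in Perl, chomp it, accept only a plausible interface name, and keep the ethernet-settings value as the fallback. Whether the file is written with or without a newline is not visible here, so the chomp is defensive.
```perl
# Prefer the interface RED is actually up on; keep the ethernet/settings
# value as fallback when the red/iface file is absent or unusable.
if (open(my $fh, '<', '/var/ipfire/red/iface')) {
	my $iface = <$fh>;
	close($fh);
	chomp($iface) if defined $iface;
	$netsettings{'RED_DEV'} = $iface
		if defined $iface && $iface =~ /\A[A-Za-z0-9_.:-]+\z/;
}
```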
@@ -89,7 +90,7 @@ if ( $outfwsettings{'POLICY'} eq 'MODE1' ) {
 } elsif ( $outfwsettings{'POLICY'} eq 'MODE2' ) {
        $outfwsettings{'STATE'} = "DENY";
        $POLICY = "ACCEPT";
-       $DO = "DROP";
+       $DO = "DROP -m comment --comment 'DROP_OUTGOINGFW'";
 }
 
 ### Initialize IPTables
@@ -166,9 +167,9 @@ foreach $configentry (sort @configs)
 
                        if ($configline[9] eq "aktiv") {
                                if ($DEBUG) {
-                                       print "$CMD -m state --state NEW -m limit --limit 10/minute -j LOG --log-prefix 'OUTGOINGFW '\n";
+                                       print "$CMD -m limit --limit 10/minute -j LOG --log-prefix 'DROP_OUTGOINGFW'\n";
                                } else {
-                                       system("$CMD -m state --state NEW -m limit --limit 10/minute -j LOG --log-prefix 'OUTGOINGFW '");
+                                       system("$CMD -m limit --limit 10/minute -j LOG --log-prefix 'DROP_OUTGOINGFW'");
                                }
                        }
                        
@@ -212,7 +213,16 @@ if ($P2PSTRING) {
 }
 
 if ( $outfwsettings{'POLICY'} eq 'MODE1' ) {
-       $CMD = "/sbin/iptables -A OUTGOINGFW -o $netsettings{'RED_DEV'} -j DROP";
+        if ( $outfwsettings{'MODE1LOG'} eq 'on' ) {
+                       $CMD = "/sbin/iptables -A OUTGOINGFW -o $netsettings{'RED_DEV'} -m limit --limit 10/minute -j LOG --log-prefix 'DROP_OUTGOINGFW'";
+               if ($DEBUG) {
+                       print "$CMD\n";
+               } else {
+                       system("$CMD");
+               }
+        }
+
+       $CMD = "/sbin/iptables -A OUTGOINGFW -o $netsettings{'RED_DEV'} -j DROP -m comment --comment 'DROP_OUTGOINGFW'";
        if ($DEBUG) {
                print "$CMD\n";
        } else {
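Review bot: The added MODE1 logging block mixes spaces and tabs and indents the `$CMD =` line one level deeper than its `if`, which makes it read as belonging to the DEBUG branch below; it also repeats the `if ($DEBUG) { print } else { system }` dispatch that already appears twice in this hunk and elsewhere in the file. The `$outfwsettings{'MODE1LOG'} eq 'on'` test will warn about an uninitialized value whenever the settings file has no MODE1LOG entry, since the initialization block near the top does not visibly set it. Both commands are run through the shell with `$netsettings{'RED_DEV'}` interpolated, which is another reason to prefer list-form system. A small helper collapses the duplication and keeps arguments out of the shell; the `'DROP_OUTGOINGFW '` prefix gets its trailing space back so syslog lines stay readable. The enclosing if/else continues past the end of the hunk.
```perl
# Run one iptables rule, or only print it when $DEBUG is set.
# List-form system keeps the interface name and comment out of the shell.
sub run_iptables {
	my @cmd = ('/sbin/iptables', @_);
	if ($DEBUG) {
		print join(' ', @cmd), "\n";
		return;
	}
	system(@cmd) == 0 or warn "iptables @cmd failed: $?";
}

if ( $outfwsettings{'POLICY'} eq 'MODE1' ) {
	my @on_red = ('-A', 'OUTGOINGFW', '-o', $netsettings{'RED_DEV'});
	# MODE1LOG may be absent from the settings file; treat that as off.
	if ( defined $outfwsettings{'MODE1LOG'} && $outfwsettings{'MODE1LOG'} eq 'on' ) {
		run_iptables(@on_red, '-m', 'limit', '--limit', '10/minute',
		             '-j', 'LOG', '--log-prefix', 'DROP_OUTGOINGFW ');
	}
	run_iptables(@on_red, '-j', 'DROP',
	             '-m', 'comment', '--comment', 'DROP_OUTGOINGFW');
	# … unchanged: remainder of the MODE1 branch …
```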