if [ "$BLUE_DEV" ] && [ "$IFACE" ]; then
/sbin/iptables -A POLICYFWD -i blue0 ! -o $IFACE -j DROP
fi
+ /sbin/iptables -A POLICYFWD -s "$ORANGE_NETADDRESS"/"$ORANGE_NETMASK" -d "$BLUE_NETADDRESS"/"$BLUE_NETMASK" -j DROP
+ /sbin/iptables -A POLICYFWD -s "$ORANGE_NETADDRESS"/"$ORANGE_NETMASK" -d "$GREEN_NETADDRESS"/"$GREEN_NETMASK" -j DROP
/sbin/iptables -A POLICYFWD -j ACCEPT
/sbin/iptables -A POLICYFWD -m comment --comment "DROP_FORWARD" -j DROP
fi
&p2pblock;
system ("/usr/sbin/firewall-policy");
}elsif($fwdfwsettings{'POLICY'} eq 'MODE2'){
- $defaultNetworks{'GREEN_NETMASK'}=&General::iporsubtocidr($defaultNetworks{'GREEN_NETMASK'});
- $green="$defaultNetworks{'GREEN_ADDRESS'}/$defaultNetworks{'GREEN_NETMASK'}";
- if ($defaultNetworks{'BLUE_DEV'}){
- $defaultNetworks{'BLUE_NETMASK'}=&General::iporsubtocidr($defaultNetworks{'BLUE_NETMASK'});
- $blue="$defaultNetworks{'BLUE_ADDRESS'}/$defaultNetworks{'BLUE_NETMASK'}";
- #set default rules for BLUE
- system ("iptables -A $CHAIN -s $blue -d $green -j RETURN");
- }
- if ($defaultNetworks{'ORANGE_DEV'}){
- $defaultNetworks{'ORANGE_NETMASK'}=&General::iporsubtocidr($defaultNetworks{'ORANGE_NETMASK'});
- $orange="$defaultNetworks{'ORANGE_ADDRESS'}/$defaultNetworks{'ORANGE_NETMASK'}";
- #set default rules for DMZ
- system ("iptables -A $CHAIN -s $orange -d $green -j RETURN");
- if ($defaultNetworks{'BLUE_DEV'}){
- system ("iptables -A $CHAIN -s $orange -d $blue -j RETURN");
- }
- }
&p2pblock;
system ("iptables -A $CHAIN -m state --state NEW -j ACCEPT");
system ("/usr/sbin/firewall-policy");