firewall: Add more rules to input/output when adding rules to forward
authorMichael Tremer <michael.tremer@ipfire.org>
Tue, 30 Apr 2019 09:45:34 +0000 (10:45 +0100)
committerMichael Tremer <michael.tremer@ipfire.org>
Tue, 30 Apr 2019 09:45:34 +0000 (10:45 +0100)
The special_input/output_targets array assumed that firewall access
will always be denied. However, rules also need to be created when
access is granted. Therefore the ACCEPT target needs to be included
in this list and rules must be created in INPUTFW/OUTGOINGFW too
when ACCEPT rules are created in FORWARDFW.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
config/firewall/rules.pl

index 9817634c84cf54f9e2c7baff33af0760e24051f9..a87fc5274a9d72329577384262769f0f23ceb219 100644 (file)
@@ -175,9 +175,9 @@ sub buildrules {
        }
 
        if ($POLICY_INPUT_ACTION eq "DROP") {
-               push(@special_input_targets, "REJECT");
+               push(@special_input_targets, ("ACCEPT", "REJECT"));
        } elsif ($POLICY_INPUT_ACTION eq "REJECT") {
-               push(@special_input_targets, "DROP");
+               push(@special_input_targets, ("ACCEPT", "DROP"));
        }
 
        my @special_output_targets = ();
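Review bot: With "ACCEPT" now in `@special_input_targets`, an ACCEPT rule written for FORWARDFW can also open INPUTFW, that is, access to the firewall host itself, and nothing at these `push` lines records that. I would add a comment above the `if ($POLICY_INPUT_ACTION eq "DROP")` test, for example `# Targets that are also created in INPUTFW; ACCEPT here grants access to the firewall itself`, and confirm that the code consuming this list (outside this hunk, later in `buildrules`) only matches rules whose destination really is the firewall. In the second hunk the context line `push(@special_output_targets, "ACCEPT");` already adds ACCEPT, so the changed lines add it a second time. That is probably harmless if the array is only used for membership tests, but the original `push(@special_output_targets, "REJECT");` and `"DROP"` lines would have sufficed there. In the input hunk ACCEPT is only added inside the DROP and REJECT branches, so any other value of `$POLICY_INPUT_ACTION` leaves it out unless the block that closes just above this hunk already adds it.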
@@ -187,9 +187,9 @@ sub buildrules {
                push(@special_output_targets, "ACCEPT");
 
                if ($POLICY_OUTPUT_ACTION eq "DROP") {
-                       push(@special_output_targets, "REJECT");
+                       push(@special_output_targets, ("ACCEPT", "REJECT"));
                } elsif ($POLICY_OUTPUT_ACTION eq "REJECT") {
-                       push(@special_output_targets, "DROP");
+                       push(@special_output_targets, ("ACCEPT", "DROP"));
                }
        }