From: Arne Fitzenreiter
Date: Sat, 29 Mar 2014 14:06:35 +0000 (+0100)
Subject: firewall-policy: fix drop and logging on red0;
X-Git-Tag: v2.15-rc1
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8089b78d9d955cc7b4c4a6284b2499c9e234a799;p=people%2Fms%2Fipfire-2.x.git
firewall-policy: fix drop and logging on red0;
---
diff --git a/config/firewall/firewall-policy b/config/firewall/firewall-policy
index 2c583c5957..6990fa9f66 100755
--- a/config/firewall/firewall-policy
+++ b/config/firewall/firewall-policy
@@ -112,11 +112,29 @@ case "${POLICY}" in
 *)
 if [ -n "${IFACE}" ]; then
 if [ "${HAVE_BLUE}" = "true" ] && [ -n "${BLUE_DEV}" ]; then
+ if [ "${DROPFORWARD}" = "on" ]; then
+ iptables -A POLICYFWD -i "${BLUE_DEV}" ! -o "${IFACE}" -m limit --limit 10/minute -j LOG --log-prefix "DROP_FORWARD "
+ fi
 iptables -A POLICYFWD -i "${BLUE_DEV}" ! -o "${IFACE}" -j DROP
 fi
 if [ "${HAVE_ORANGE}" = "true" ] && [ -n "${ORANGE_DEV}" ]; then
+ if [ "${DROPFORWARD}" = "on" ]; then
+ iptables -A POLICYFWD -i "${ORANGE_DEV}" ! -o "${IFACE}" -m limit --limit 10/minute -j LOG --log-prefix "DROP_FORWARD "
+ fi
 iptables -A POLICYFWD -i "${ORANGE_DEV}" ! -o "${IFACE}" -j DROP
 fi
+
+ if [ "${DROPFORWARD}" = "on" ]; then
+ iptables -A POLICYFWD -i "${IFACE}" -m limit --limit 10/minute -j LOG --log-prefix "DROP_FORWARD "
+ fi
+ iptables -A POLICYFWD -i "${IFACE}" -j DROP
+
+ if [ "${IFACE}" != "${RED_DEV}" ]; then
+ if [ "${DROPFORWARD}" = "on" ]; then
+ iptables -A POLICYFWD -i "${RED_DEV}" -m limit --limit 10/minute -j LOG --log-prefix "DROP_FORWARD "
+ fi
+ iptables -A POLICYFWD -i "${RED_DEV}" -j DROP
+ fi
 fi
 iptables -A POLICYFWD -j ACCEPT
 iptables -A POLICYFWD -m comment --comment "DROP_FORWARD" -j DROP
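Review bot: The new red-device block tests only `[ "${IFACE}" != "${RED_DEV}" ]`, so an unset or empty RED_DEV (its assignment is not visible in this hunk) passes the test and both appended rules are built with `-i ""`, unlike the BLUE_DEV and ORANGE_DEV blocks above, which check `-n` first. Whether iptables rejects that or treats it as matching every interface, the result is not the intended red-only drop, and the next rule appended to the chain is `-j ACCEPT`. Guard it the same way: `if [ -n "${RED_DEV}" ] && [ "${IFACE}" != "${RED_DEV}" ]; then`. A short comment that each LOG rule is capped at 10/minute, so the DROP_FORWARD entries are a sample rather than a count of dropped forwards, would help anyone reading these logs during triage. The enclosing `case` arm begins and ends outside the hunk.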