From: Michael Tremer Date: Tue, 30 Apr 2019 09:45:34 +0000 (+0100) Subject: firewall: Add more rules to input/output when adding rules to forward X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ae93dd3deb6524036943513e90d1fba84e3608bd;p=people%2Fms%2Fipfire-2.x.git firewall: Add more rules to input/output when adding rules to forward The special_input/output_targets array assumed that firewall access will always be denied. However, rules also need to be created when access is granted. Therefore the ACCEPT target needs to be included in this list and rules must be created in INPUTFW/OUTGOINGFW too when ACCEPT rules are created in FORWARDFW. Signed-off-by: Michael Tremer
---
diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl
index 9817634c84..a87fc5274a 100644
--- a/config/firewall/rules.pl
+++ b/config/firewall/rules.pl
@@ -175,9 +175,9 @@ sub buildrules {
 }
 if ($POLICY_INPUT_ACTION eq "DROP") {
- push(@special_input_targets, "REJECT");
+ push(@special_input_targets, ("ACCEPT", "REJECT"));
 } elsif ($POLICY_INPUT_ACTION eq "REJECT") {
- push(@special_input_targets, "DROP");
+ push(@special_input_targets, ("ACCEPT", "DROP"));
 }
 my @special_output_targets = ();
@@ -187,9 +187,9 @@ sub buildrules {
 push(@special_output_targets, "ACCEPT");
 if ($POLICY_OUTPUT_ACTION eq "DROP") {
- push(@special_output_targets, "REJECT");
+ push(@special_output_targets, ("ACCEPT", "REJECT"));
 } elsif ($POLICY_OUTPUT_ACTION eq "REJECT") {
- push(@special_output_targets, "DROP");
+ push(@special_output_targets, ("ACCEPT", "DROP"));
 }
 }
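Review bot: In the input hunk, "ACCEPT" only reaches `@special_input_targets` inside the DROP and REJECT branches, so mirroring of ACCEPT rules depends on `$POLICY_INPUT_ACTION` holding one of those two values. For any other value the list stays as the lines above the hunk built it, and those lines are not visible here. If ACCEPT should always be mirrored, as the commit message suggests, a single `push(@special_input_targets, "ACCEPT");` before the `if` would say so directly, provided the code above does not already add it. Because this widens what is opened in INPUTFW, a comment such as `# ACCEPT rules in FORWARDFW are mirrored here too, so they presumably also allow traffic to the firewall itself` would help the next reader judge the exposure. buildrules starts and ends outside the hunk.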
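Review bot: In the output hunk, the context line `push(@special_output_targets, "ACCEPT");` already adds ACCEPT just before the `if`, apparently in the same enclosing block, so both new branches add it a second time. That is harmless if the list is only used for membership tests, but if it is iterated to emit rules it could produce duplicate OUTGOINGFW entries; how the list is consumed is not visible in this hunk. The branches could stay as `push(@special_output_targets, "REJECT");` and `push(@special_output_targets, "DROP");`. The enclosing block opens above the hunk.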