iptables -N IPS
iptables -A INPUT -j IPS
iptables -A FORWARD -j IPS
+ iptables -A OUTPUT -j IPS
# Block non-established IPsec networks
iptables -N IPSECBLOCK
iptables -N OVPNINPUT
iptables -A INPUT -j OVPNINPUT
- # TOR
+ # Tor (inbound and outbound)
iptables -N TOR_INPUT
iptables -A INPUT -j TOR_INPUT
+ iptables -N TOR_OUTPUT
+ iptables -A OUTPUT -j TOR_OUTPUT
# Jump into the actual firewall ruleset.
iptables -N INPUTFW
iptables -t nat -N REDNAT
iptables -t nat -A POSTROUTING -j REDNAT
- # Populate IPsec block chain
- /usr/lib/firewall/ipsec-block
+ # Populate IPsec chains
+ /usr/lib/firewall/ipsec-policy
# Apply OpenVPN firewall rules
/usr/local/bin/openvpnctrl --firewall-rules
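Review bot: The new call `/usr/lib/firewall/ipsec-policy` runs with its exit status unchecked, so if the renamed script is missing or fails part-way, the IPSECBLOCK chain created a few lines above stays empty and, given its stated purpose of blocking non-established IPsec networks, the block would presumably not be applied at all; since this script's `set` options are not visible here, consider `/usr/lib/firewall/ipsec-policy || echo "WARNING: ipsec-policy failed, IPSECBLOCK not populated" >&2` so the failure is at least logged rather than silent. The same applies to the adjacent `openvpnctrl --firewall-rules` call, though that line is unchanged. The added TOR_OUTPUT chain and its OUTPUT jump are not populated anywhere in this hunk; if the Tor control script fills it in elsewhere, a one-line comment such as `# populated by the Tor control script` next to `iptables -N TOR_OUTPUT` would make that dependency explicit. Hunk boundaries are inferred here because no @@ headers survived, and the surrounding ruleset continues outside the visible lines.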
iptables -A REDINPUT -p udp --source-port 67 --destination-port 68 -i $DEVICE -j ACCEPT
fi
- # Orange pinholes
- if [ "$ORANGE_DEV" != "" ]; then
- # This rule enables a host on ORANGE network to connect to the outside
- # (only if we have a red connection)
- if [ "$IFACE" != "" ]; then
- iptables -A REDFORWARD -i $ORANGE_DEV -o $IFACE -j ACCEPT
- fi
- fi
-
if [ "$IFACE" != "" -a -f /var/ipfire/red/active ]; then
# DHCP
if [ "$RED_DEV" != "" -a "$RED_TYPE" == "DHCP" ]; then
iptables_red_down() {
# Prohibit packets to reach the masquerading rule
- # while the wan interface is down - this is required to
+ # while the WAN interface is down - this is required to
# circumvent udp related NAT issues
# http://forum.ipfire.org/index.php?topic=11127.0
if [ -n "${IFACE}" ]; then