Ein NTFS-Update fuer den Heiner :D

[ipfire-2.x.git] / src / rc.d / rc.firewall

diff --git a/src/rc.d/rc.firewall b/src/rc.d/rc.firewall
index 8a9b0d5ddc0c905cb6014203d2ae878dfecf6dc4..25d764bc5fcb7bd04c728a9fd443b4fc8944231c 100644 (file)
--- a/src/rc.d/rc.firewall
+++ b/src/rc.d/rc.firewall
@@ -165,9 +165,9 @@ case "$1" in
        /sbin/iptables -A INPUT   -i $GREEN_DEV  -m state --state NEW -j ACCEPT -p ! icmp
        /sbin/iptables -A FORWARD -i $GREEN_DEV  -m state --state NEW -j ACCEPT
 
-       # If a host on orange tries to initiate a connection to IPCop's red IP and
+       # If a host on orange tries to initiate a connection to IPFire's red IP and
        # the connection gets DNATed back through a port forward to a server on orange
-       # we end up with orange -> orange traffic passing through IPCop
+       # we end up with orange -> orange traffic passing through IPFire
        [ "$ORANGE_DEV" != "" ] && /sbin/iptables -A FORWARD -i $ORANGE_DEV -o $ORANGE_DEV -m state --state NEW -j ACCEPT
 
        # accept all traffic from ipsec interfaces
@@ -236,6 +236,8 @@ case "$1" in
                /sbin/iptables -t nat -A POSTROUTING -m mark --mark 3 -j SNAT --to-source $ORANGE_ADDRESS
        fi
 
+       # run openvpn
+       /usr/local/bin/openvpnctrl --create-chains-and-rules
 
        # run local firewall configuration, if present
        if [ -x /etc/rc.d/rc.firewall.local ]; then
@@ -264,6 +266,9 @@ case "$1" in
                /sbin/iptables -A INPUT -p udp --source-port 67 --destination-port 68 -i $IFACE -j ACCEPT
        fi
 
+       # stop openvpn
+       /usr/local/bin/openvpnctrl --delete-chains-and-rules
+
        # run local firewall configuration, if present
        if [ -x /etc/rc.d/rc.firewall.local ]; then
                /etc/rc.d/rc.firewall.local stop