From e01e07ec8b770eb849a42ad3f8c0f67e55faf905 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Peter=20M=C3=BCller?=
Date: Wed, 6 Feb 2019 21:00:00 +0000
Subject: [PATCH] apply default firewall policy for ORANGE, too
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

If firewall default policy is set to DROP, this setting was not applied to outgoing ORANGE traffic as well, which was misleading.
Fixes #11973
Signed-off-by: Peter Müller
Cc: Michael Tremer
Cc: Oliver Fuhrer
Signed-off-by: Michael Tremer
---
 src/initscripts/system/firewall | 13 ++-----------
 1 file changed, 2 insertions(+), 11 deletions(-)
diff --git a/src/initscripts/system/firewall b/src/initscripts/system/firewall
index 707209987e..b9dd3485e0 100644
--- a/src/initscripts/system/firewall
+++ b/src/initscripts/system/firewall
@@ -294,7 +294,7 @@ iptables_init() {
 iptables -N OVPNINPUT
 iptables -A INPUT -j OVPNINPUT
 
- # TOR
+ # Tor
 iptables -N TOR_INPUT
 iptables -A INPUT -j TOR_INPUT
 
@@ -414,15 +414,6 @@ iptables_red_up() {
 iptables -A REDINPUT -p udp --source-port 67 --destination-port 68 -i $DEVICE -j ACCEPT
 fi
 
- # Orange pinholes
- if [ "$ORANGE_DEV" != "" ]; then
- # This rule enables a host on ORANGE network to connect to the outside
- # (only if we have a red connection)
- if [ "$IFACE" != "" ]; then
- iptables -A REDFORWARD -i $ORANGE_DEV -o $IFACE -j ACCEPT
- fi
- fi
-
 if [ "$IFACE" != "" -a -f /var/ipfire/red/active ]; then
 # DHCP
 if [ "$RED_DEV" != "" -a "$RED_TYPE" == "DHCP" ]; then
@@ -470,7 +461,7 @@ iptables_red_up() {
 
 iptables_red_down() {
 # Prohibit packets to reach the masquerading rule
- # while the wan interface is down - this is required to
+ # while the WAN interface is down - this is required to
 # circumvent udp related NAT issues
 # http://forum.ipfire.org/index.php?topic=11127.0
 if [ -n "${IFACE}" ]; then
-- 
2.39.2