Added all option to outgoingfw.
[people/pmueller/ipfire-2.x.git] / config / outgoingfw / outgoingfw.pl
index 1e7594a53dd807d75f88277db0859f137f9071b5..ae1f105e27c18d81e0a83cee68b638ea7019ddfa 100644 (file)
@@ -90,7 +90,7 @@ if ( $outfwsettings{'POLICY'} eq 'MODE1' ) {
 } elsif ( $outfwsettings{'POLICY'} eq 'MODE2' ) {
        $outfwsettings{'STATE'} = "DENY";
        $POLICY = "ACCEPT";
-       $DO = "DROP";
+       $DO = "DROP -m comment --comment 'DROP_OUTGOINGFW'";
 }
 
 ### Initialize IPTables
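Review bot: On the MODE2 branch `$DO` is no longer a bare target name but a target followed by a `-m comment` match, and nothing at the assignment records that. The rules built later presumably end in `-j $DO`; any use that appends more options after it, or compares it with `DROP`, would now behave differently, and those uses are outside this hunk. A comment at the assignment would capture the constraint, for example `# $DO is pasted after -j; in MODE2 it also tags the rule so drops are identifiable in the rule listing`. The `if`/`elsif` starts above the hunk, so the MODE1 value of `$DO` cannot be checked here.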
@@ -142,6 +142,8 @@ foreach $configentry (sort @configs)
                        @proto = ("tcp");
                } elsif ($configline[3] eq 'udp') {
                        @proto = ("udp");
+               } elsif ($configline[3] eq 'all') {
+                       @proto = ("all");
                } else {
                        @proto = ("tcp", "udp");
                }
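Review bot: The new `all` branch sets `@proto = ("all")`, but iptables accepts port matches such as `--dport` only with a protocol that has ports, so a rule combining `-p all` with a port would be rejected. The code that assembles the rule from `@proto` and the port field is further down the loop, outside this hunk, so this is inferred rather than seen. If it appends a port whenever the entry has one, an `all` entry would fail to install, and silently, because the `system` calls visible on this page do not check their exit status. Guarding the port match, along the lines of `$CMD .= " --dport $port" unless $PROTO eq 'all';` (variable names here are placeholders for whatever the loop uses), would avoid that.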
@@ -167,9 +169,9 @@ foreach $configentry (sort @configs)
 
                        if ($configline[9] eq "aktiv") {
                                if ($DEBUG) {
-                                       print "$CMD -m state --state NEW -m limit --limit 10/minute -j LOG --log-prefix 'OUTGOINGFW '\n";
+                                       print "$CMD -m limit --limit 10/minute -j LOG --log-prefix 'DROP_OUTGOINGFW'\n";
                                } else {
-                                       system("$CMD -m state --state NEW -m limit --limit 10/minute -j LOG --log-prefix 'OUTGOINGFW '");
+                                       system("$CMD -m limit --limit 10/minute -j LOG --log-prefix 'DROP_OUTGOINGFW'");
                                }
                        }
                        
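Review bot: The new prefix `'DROP_OUTGOINGFW'` drops the trailing space that `'OUTGOINGFW '` had, so the kernel prints it directly against the first field of the log line (`DROP_OUTGOINGFWIN=...`) and field-based log parsing breaks. Using `--log-prefix 'DROP_OUTGOINGFW '` in both the `print` and the `system` line keeps it separable; the MODE1 log rule in the last hunk has the same issue. This LOG rule sits in the per-entry loop, so if `$DO` is ACCEPT in MODE1 (set above the first hunk, not visible), permitted connections would be logged under a `DROP_` prefix. Removing `-m state --state NEW` also means every packet of a matching flow competes for the 10/minute budget rather than only connection starts, so new connections may go unlogged.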
@@ -213,7 +215,16 @@ if ($P2PSTRING) {
 }
 
 if ( $outfwsettings{'POLICY'} eq 'MODE1' ) {
-       $CMD = "/sbin/iptables -A OUTGOINGFW -o $netsettings{'RED_DEV'} -j DROP";
+        if ( $outfwsettings{'MODE1LOG'} eq 'on' ) {
+                       $CMD = "/sbin/iptables -A OUTGOINGFW -o $netsettings{'RED_DEV'} -m limit --limit 10/minute -j LOG --log-prefix 'DROP_OUTGOINGFW'";
+               if ($DEBUG) {
+                       print "$CMD\n";
+               } else {
+                       system("$CMD");
+               }
+        }
+
+       $CMD = "/sbin/iptables -A OUTGOINGFW -o $netsettings{'RED_DEV'} -j DROP -m comment --comment 'DROP_OUTGOINGFW'";
        if ($DEBUG) {
                print "$CMD\n";
        } else {
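Review bot: The exit status of `system("$CMD")` for the new LOG rule is ignored, and `$CMD` is a single string with `$netsettings{'RED_DEV'}` interpolated, so it is run through the shell. An empty or malformed RED_DEV would therefore make iptables fail without any trace. The rule built next is the final MODE1 DROP; if its `system` call (below the hunk) is equally unchecked, a failure leaves the chain without its deny. Checking the status, `system($CMD) == 0 or warn "outgoingfw: failed: $CMD\n";`, would surface this, and validating RED_DEV against an interface-name pattern before use would cover the shell-interpolation side. The added lines are also indented inconsistently: the first `$CMD` assignment sits deeper than the `if ($DEBUG)` that follows it.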