Fixed outgoingfw logging in DROP_ format to be ignored by kernel filter

Remove option for outgoing fw mode 1 to log allowed packages (was not
intended to be available)

diff --git a/config/outgoingfw/outgoingfw.pl b/config/outgoingfw/outgoingfw.pl
index 15aaf012373870e3b065fb3fa0dd9a3f59799f11..5344ae35661e23ef1e555c1f0515ece64e35c416 100644 (file)
--- a/config/outgoingfw/outgoingfw.pl
+++ b/config/outgoingfw/outgoingfw.pl
@@ -167,9 +167,9 @@ foreach $configentry (sort @configs)
 
                        if ($configline[9] eq "aktiv") {
                                if ($DEBUG) {
-                                       print "$CMD -m limit --limit 10/minute -j LOG --log-prefix 'OUTGOINGFW '\n";
+                                       print "$CMD -m limit --limit 10/minute -j LOG --log-prefix 'DROP_OUTGOINGFW'\n";
                                } else {
-                                       system("$CMD -m limit --limit 10/minute -j LOG --log-prefix 'OUTGOINGFW '");
+                                       system("$CMD -m limit --limit 10/minute -j LOG --log-prefix 'DROP_OUTGOINGFW'");
                                }
                        }
                        
@@ -214,7 +214,7 @@ if ($P2PSTRING) {
 
 if ( $outfwsettings{'POLICY'} eq 'MODE1' ) {
         if ( $outfwsettings{'MODE1LOG'} eq 'on' ) {
-                       $CMD = "/sbin/iptables -A OUTGOINGFW -o $netsettings{'RED_DEV'} -m limit --limit 10/minute -j LOG --log-prefix 'OUTGOINGFW '";
+                       $CMD = "/sbin/iptables -A OUTGOINGFW -o $netsettings{'RED_DEV'} -m limit --limit 10/minute -j LOG --log-prefix 'DROP_OUTGOINGFW'";
                if ($DEBUG) {
                        print "$CMD\n";
                } else {

diff --git a/config/rootfiles/updater/filelists/core15 b/config/rootfiles/updater/filelists/core15
index ec1506f159cdb673c7ae10d34bc89b1ebf9be6fc..334ec82616bf76a15b216f2f5a9e9fa40f1b1965 100644 (file)
--- a/config/rootfiles/updater/filelists/core15
+++ b/config/rootfiles/updater/filelists/core15
@@ -8,6 +8,7 @@ srv/web/ipfire/cgi-bin/pakfire.cgi
 srv/web/ipfire/cgi-bin/qos.cgi
 srv/web/ipfire/cgi-bin/network.cgi
 srv/web/ipfire/cgi-bin/graphs.cgi
+srv/web/ipfire/cgi-bin/outgoingfw.cgi
 var/ipfire/langs
 var/ipfire/graphs.pl
 var/ipfire/outgoing/bin/outgoingfw.pl

diff --git a/html/cgi-bin/outgoingfw.cgi b/html/cgi-bin/outgoingfw.cgi
index 61cae771376413030602935be1d5661165240b0d..a7260d81f6c340bb8fe23ab8bb625e425f6360ba 100644 (file)
--- a/html/cgi-bin/outgoingfw.cgi
+++ b/html/cgi-bin/outgoingfw.cgi
@@ -485,7 +485,15 @@ END
                    <td width='20%' align='right'>$Lang::tr{'source ip'}: <img src='/blob.gif' />
                    <td width='30%' align='left'><input type='text' name='SIP' maxlength='15' value='$outfwsettings{'SIP'}' />
                <tr><td width='20%' align='right'>$Lang::tr{'logging'}:
-                   <td width='30%' align='left'><select name='LOG'><option value='$Lang::tr{'active'}' $selected{'LOG'}{$Lang::tr{'active'}}>$Lang::tr{'active'}</option><option value='$Lang::tr{'inactive'}' $selected{'LOG'}{$Lang::tr{'inactive'}}>$Lang::tr{'inactive'}</option></select></td>
+END
+;
+if ($outfwsettings{'POLICY'} eq 'MODE1'){
+        print "<td width='30%' align='left'><input type='text' name='LOG' maxlength='10' value='$Lang::tr{'inactive'}' readonly='true' /></td>";
+}
+else{
+        print "<td width='30%' align='left'><select name='LOG'><option value='$Lang::tr{'active'}' $selected{'LOG'}{$Lang::tr{'active'}}>$Lang::tr{'active'}</option><option value='$Lang::tr{'inactive'}' $selected{'LOG'}{$Lang::tr{'inactive'}}>$Lang::tr{'inactive'}</option></select></td>";
+}
+print <<END
                    <td width='20%' align='right' />
                    <td width='30%' align='left' />
                <tr><td width='20%' align='right'>$Lang::tr{'destination ip'}: <img src='/blob.gif' />