rules.pl: Do not check private networks against ipblocklists.
authorStefan Schantl <stefan.schantl@ipfire.org>
Sun, 8 May 2022 13:15:18 +0000 (15:15 +0200)
committerStefan Schantl <stefan.schantl@ipfire.org>
Thu, 7 Jul 2022 15:27:14 +0000 (17:27 +0200)
In case some of these private networks are part of an used blocklist
this kind of traffic needs to be allowed. Otherwise some services may
not work properly.

For example:
In case one or more IPSec N2N connections are configured, no traffic can
be passed through them if the used networks are part of a blocklist.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
config/firewall/rules.pl

index 62fae8c0258ad5ba527c9a7988b920905bf7b9d3..e1d7718a8842a8e7432031a7ada1cfdc99324515 100644 (file)
@@ -731,6 +731,16 @@ sub ipblocklist () {
        run("$IPTABLES -F BLOCKLISTIN");
        run("$IPTABLES -F BLOCKLISTOUT");
 
+       # Check if the blocklist feature is enabled.
+       if($blocklistsettings{'ENABLE'} eq "on") {
+               # Loop through the array of private networks.
+               foreach my $private_network (@PRIVATE_NETWORKS) {
+                       # Create firewall rules to never block private networks.
+                       run("$IPTABLES -A BLOCKLISTIN -p ALL -i $RED_DEV -s $private_network -j RETURN");
+                       run("$IPTABLES -A BLOCKLISTOUT -p ALL -o $RED_DEV -d $private_network -j RETURN");
+               }
+       }
+
        # Loop through the array of blocklists.
        foreach my $blocklist (@blocklists) {
                # Check if the blocklist feature and the current processed blocklist is enabled.
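Review bot: The new RETURN rule on BLOCKLISTIN exempts every packet that arrives on $RED_DEV with a private source address, and on an upstream-facing interface that is also what spoofed or bogon traffic looks like, so the exemption quietly relies on an anti-spoofing drop somewhere else in the ruleset that this hunk does not show. If such a drop is in place ahead of BLOCKLISTIN, it is worth recording the dependency in the loop comment, e.g. `# Private sources on RED are expected to be dropped by the anti-spoofing rules before this chain; these RETURNs only keep internal/VPN networks out of the blocklist match.` The comment should also carry the reason from the commit message (IPsec N2N peers whose networks appear in a blocklist), which the code itself does not state. As a minor point, `$blocklistsettings{'ENABLE'} eq "on"` emits an uninitialized-value warning under `use warnings` when the key is absent, and `($blocklistsettings{'ENABLE'} // '') eq "on"` avoids that. ipblocklist() continues outside the hunk, so where @PRIVATE_NETWORKS is defined and how run() invokes iptables could not be checked here.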