From 53f4c74d9bd0eebf70b4540b688be6d6c3e556ab Mon Sep 17 00:00:00 2001
From: Alexander Marx
Date: Mon, 15 Apr 2013 15:02:50 +0200
Subject: [PATCH] Forward Firewall: some changes in firewall script to make collectd work
---
 config/collectd/collectd.conf | 2 +-
 config/forwardfw/firewall-policy | 10 ++++++++--
 src/initscripts/init.d/firewall | 8 ++++----
 3 files changed, 13 insertions(+), 7 deletions(-)
diff --git a/config/collectd/collectd.conf b/config/collectd/collectd.conf
index e222d5cb72..14dd568c2f 100644
--- a/config/collectd/collectd.conf
+++ b/config/collectd/collectd.conf
@@ -23,7 +23,7 @@ LoadPlugin memory
 LoadPlugin ping
 LoadPlugin processes
 LoadPlugin rrdtool
-#LoadPlugin sensors
+LoadPlugin sensors
 LoadPlugin swap
 LoadPlugin syslog
 #LoadPlugin wireless
diff --git a/config/forwardfw/firewall-policy b/config/forwardfw/firewall-policy
index 6e648e2685..9af835cc9c 100755
--- a/config/forwardfw/firewall-policy
+++ b/config/forwardfw/firewall-policy
@@ -2,11 +2,15 @@
 eval $(/usr/local/bin/readhash /var/ipfire/forward/settings)
 eval $(/usr/local/bin/readhash /var/ipfire/optionsfw/settings)
+eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
 iptables -F POLICYFWD
 iptables -F POLICYOUT
 iptables -F POLICYIN
-IFACE=`cat /var/ipfire/red/iface`
+
+if [ -f "/var/ipfire/red/iface" ]; then
+ IFACE=`cat /var/ipfire/red/iface`
+fi
 #FORWARDFW
 if [ "$POLICY" == "MODE1" ]; then
@@ -23,7 +27,9 @@ if [ "$POLICY" == "MODE1" ]; then
 /sbin/iptables -A POLICYFWD -j DROP -m comment --comment "DROP_FORWARD"
 fi
 else
- /sbin/iptables -A POLICYFWD -i blue0 ! -o $IFACE -j DROP
+ if [ "$BLUE_DEV" ] && [ "$IFACE" ]; then
+ /sbin/iptables -A POLICYFWD -i blue0 ! -o $IFACE -j DROP
+ fi
 /sbin/iptables -A POLICYFWD -j ACCEPT
 fi
diff --git a/src/initscripts/init.d/firewall b/src/initscripts/init.d/firewall
index 24dee132a2..3d14143b45 100644
--- a/src/initscripts/init.d/firewall
+++ b/src/initscripts/init.d/firewall
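Review bot: In config/forwardfw/firewall-policy (hunk at -2,11), `IFACE` is no longer assigned when /var/ipfire/red/iface is missing, but it is never cleared either, so a value inherited from the environment or defined by one of the `eval $(readhash …)` lines above could end up being used as the RED interface. Initialise it before the test with `IFACE=""`, and prefer `IFACE=$(cat /var/ipfire/red/iface)` over backticks. The added `eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)` copies the two existing lines, but an unquoted substitution is word-split and glob-expanded before `eval` sees it; `eval "$(/usr/local/bin/readhash /var/ipfire/ethernet/settings)"` keeps each assignment intact, assuming readhash emits shell-safe output.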
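Review bot: In the second firewall-policy hunk (-23,7), when `BLUE_DEV` is set but `IFACE` is empty the BLUE isolation rule is skipped silently, and the following `-A POLICYFWD -j ACCEPT` then accepts forwarding from BLUE to any interface, so as far as the hunk shows the guard fails open whenever the RED interface is unknown. A branch that keeps BLUE closed in that case would be safer, for example `elif [ "$BLUE_DEV" ]; then /sbin/iptables -A POLICYFWD -i "$BLUE_DEV" -j DROP`. The guard also tests `$BLUE_DEV` while the rule hard-codes `blue0` and leaves `$IFACE` unquoted; `-i "$BLUE_DEV" ! -o "$IFACE"` would keep the test and the rule in step, presuming BLUE_DEV holds the interface name. The enclosing `if [ "$POLICY" == "MODE1" ]` starts above the hunk.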
@@ -120,8 +120,8 @@ iptables_red() {
 fi
 # Outgoing masquerading (don't masqerade IPSEC (mark 50))
- /sbin/iptables -t nat -A REDNAT -m mark --mark 50 -o $IFACE -j RETURN
- /sbin/iptables -t nat -A REDNAT -o $IFACE -j MASQUERADE
+ #/sbin/iptables -t nat -A REDNAT -m mark --mark 50 -o $IFACE -j RETURN
+ #/sbin/iptables -t nat -A REDNAT -o $IFACE -j MASQUERADE
 fi
 }
@@ -318,8 +318,8 @@ case "$1" in
 /sbin/iptables -A FORWARD -j DROP -m comment --comment "DROP_FORWARD"
 #Only for firewall Hits statistik
- /sbin/iptables -A POLICYFWD -j DROP -m comment --comment "DROP_FORWARD"
- /sbin/iptables -A POLICYOUT -j DROP -m comment --comment "DROP_OUTPUT"
+ #/sbin/iptables -A POLICYFWD -j DROP -m comment --comment "DROP_FORWARD"
+ #/sbin/iptables -A POLICYOUT -j DROP -m comment --comment "DROP_OUTPUT"
--
2.39.2
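Review bot: In iptables_red (hunk at -120,8) both REDNAT rules are commented out, which removes outgoing masquerading on RED, and nothing in this patch adds a replacement; unless another script installs them, hosts behind the firewall lose source NAT and the IPsec mark-50 exemption goes with it. The commit subject only mentions collectd, so the reason should be recorded, and the lines deleted rather than left as dead code under a `# Outgoing masquerading` heading that no longer describes anything; if the rules moved, a comment such as `# Masquerading is now set up in <script> (placeholder)` would say where. The same applies to the hunk at -318,8, where the POLICYFWD and POLICYOUT DROP rules are commented out: the `FORWARD -j DROP` line above still covers forwarding, but no equivalent fallback for OUTPUT is visible in the hunk. Both enclosing blocks extend outside their hunks.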