]> git.ipfire.org Git - people/teissler/ipfire-2.x.git/blobdiff - config/forwardfw/firewall-policy
projects / people / teissler / ipfire-2.x.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Forward Firewall: moved default rules from FORWARDFW to POLICYFWD
[people/teissler/ipfire-2.x.git] / config / forwardfw / firewall-policy
diff --git a/config/forwardfw/firewall-policy b/config/forwardfw/firewall-policy
index 9af835cc9cc92261f6333572a1ad855a7bf4f9d3..459c1a554e09519fdba98fca3cbe792f69a871bf 100755 (executable)
--- a/config/forwardfw/firewall-policy
+++ b/config/forwardfw/firewall-policy
@@ -30,7 +30,10 @@ else
        if [  "$BLUE_DEV" ] && [ "$IFACE" ]; then
                /sbin/iptables -A POLICYFWD -i blue0 ! -o $IFACE -j DROP 
        fi
+       /sbin/iptables -A POLICYFWD -s "$ORANGE_NETADDRESS"/"$ORANGE_NETMASK" -d "$BLUE_NETADDRESS"/"$BLUE_NETMASK" -j DROP
+       /sbin/iptables -A POLICYFWD -s "$ORANGE_NETADDRESS"/"$ORANGE_NETMASK" -d "$GREEN_NETADDRESS"/"$GREEN_NETMASK" -j DROP
        /sbin/iptables -A POLICYFWD -j ACCEPT 
+       /sbin/iptables -A POLICYFWD -m comment --comment "DROP_FORWARD" -j DROP
 fi
 
 #OUTGOINGFW
@@ -49,6 +52,7 @@ if [ "$POLICY1" == "MODE1" ]; then
        fi
 else
        /sbin/iptables -A POLICYOUT -j ACCEPT 
+       /sbin/iptables -A POLICYOUT -m comment --comment "DROP_OUTPUT" -j DROP
 fi
 #INPUT
 if [ "$FWPOLICY2" == "REJECT" ]; then
@@ -63,3 +67,5 @@ if [ "$FWPOLICY2" == "DROP" ]; then
        fi
        /sbin/iptables -A POLICYIN -j DROP -m comment --comment "DROP_INPUT"
 fi
+
+exit 0
Timo's tree of IPFire 2.x