Merge branch 'master' into fifteen

[people/teissler/ipfire-2.x.git] / src / initscripts / init.d / firewall

diff --git a/src/initscripts/init.d/firewall b/src/initscripts/init.d/firewall
index fc49da4e9192711e295f68408f887ac837cf3294..37ef351ed748b2d9da24fd9315d6f516633ac0f6 100644 (file)
--- a/src/initscripts/init.d/firewall
+++ b/src/initscripts/init.d/firewall
@@ -159,6 +159,10 @@ iptables_init() {
        /sbin/iptables -N WIRELESSFORWARD
        /sbin/iptables -A FORWARD -m conntrack --ctstate NEW -j WIRELESSFORWARD
 
+       # OpenVPN
+       /sbin/iptables -N OVPNINPUT
+       /sbin/iptables -A INPUT -j OVPNINPUT
+
        # TOR
        /sbin/iptables -N TOR_INPUT
        /sbin/iptables -A INPUT -j TOR_INPUT
@@ -206,8 +210,8 @@ iptables_init() {
                /etc/sysconfig/firewall.local start
        fi
 
-       # run openvpn
-       /usr/local/bin/openvpnctrl --create-chains-and-rules
+       # Apply OpenVPN firewall rules
+       /usr/local/bin/openvpnctrl --firewall-rules
 
        # run wirelessctrl
        /usr/local/bin/wirelessctrl
@@ -223,7 +227,7 @@ iptables_init() {
        /usr/sbin/firewall-policy
 
        # read new firewall
-       /usr/local/bin/forwardfwctrl
+       /usr/local/bin/firewallctrl
 
        if [ "$DROPINPUT" == "on" ]; then
                /sbin/iptables -A INPUT   -m limit --limit 10/minute -j LOG --log-prefix "DROP_INPUT"