- if [ "$DROPOUTPUT" == "on" ]; then
- /sbin/iptables -A FORWARD -m limit --limit 10/minute -j LOG --log-prefix "DROP_OUTPUT "
- fi
- /sbin/iptables -A FORWARD -j DROP -m comment --comment "DROP_OUTPUT"
- ;;
+ #if [ "$DROPFORWARD" == "on" ]; then
+ # /sbin/iptables -A FORWARD -m limit --limit 10/minute -j LOG --log-prefix "DROP_FORWARD "
+ #fi
+ #/sbin/iptables -A FORWARD -j DROP -m comment --comment "DROP_FORWARD"
+
+ #POLICY CHAIN
+ /sbin/iptables -N POLICYIN
+ /sbin/iptables -A INPUT -j POLICYIN
+ /sbin/iptables -N POLICYFWD
+ /sbin/iptables -A FORWARD -j POLICYFWD
+ /sbin/iptables -N POLICYOUT
+ /sbin/iptables -A OUTPUT -j POLICYOUT
+
+ /usr/sbin/firewall-policy
+
+ ;;
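Review bot: The call to `/usr/sbin/firewall-policy` at the end of this arm is unchecked, and it is now the only thing that puts a final verdict into POLICYIN, POLICYFWD and POLICYOUT, because the catch-all `-A FORWARD -j DROP` is commented out just above it. If that script is missing or exits early, the three chains stay empty and packets fall through to the built-in chain policies, which are not set in the visible lines, so the result may be fail-open. I would check the exit status, e.g. `/usr/sbin/firewall-policy || { echo "firewall-policy failed" >&2; exit 1; }`, and confirm that `iptables -P FORWARD DROP` (and the INPUT equivalent) is applied earlier in the script. The commented-out DROP_FORWARD lines would be better deleted than kept as dead code, since they suggest a logging and drop rule that no longer exists. The enclosing case arm starts outside the visible lines.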