]> git.ipfire.org Git - people/teissler/ipfire-2.x.git/blobdiff - src/initscripts/init.d/firewall
projects / people / teissler / ipfire-2.x.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
firewall: Allow blocking access to GREEN from GREEN.
[people/teissler/ipfire-2.x.git] / src / initscripts / init.d / firewall
diff --git a/src/initscripts/init.d/firewall b/src/initscripts/init.d/firewall
index 853f195cf909a94bb546d7655f17067c2aa57058..7a18502bfa728743bc951fef3ccbce84389a57f4 100644 (file)
--- a/src/initscripts/init.d/firewall
+++ b/src/initscripts/init.d/firewall
@@ -179,7 +179,10 @@ iptables_init() {
        iptables -t nat -A POSTROUTING -j IPSECNAT
 
        # localhost and ethernet.
        iptables -t nat -A POSTROUTING -j IPSECNAT
 
        # localhost and ethernet.
-       iptables -A INPUT   -i $GREEN_DEV  -m conntrack --ctstate NEW -j ACCEPT ! -p icmp
+       # Always allow accessing the web GUI from GREEN.
+       iptables -N GUIINPUT
+       iptables -A INPUT -j GUIINPUT
+       iptables -A GUIINPUT -i "${GREEN_DEV}" -p tcp --dport 444 -j ACCEPT
 
        # WIRELESS chains
        iptables -N WIRELESSINPUT
 
        # WIRELESS chains
        iptables -N WIRELESSINPUT
Timo's tree of IPFire 2.x