Forward Firewall: put rule OUTGOING ACCEPT Related, established into /etc/init.d...

[people/teissler/ipfire-2.x.git] / src / initscripts / init.d / firewall

diff --git a/src/initscripts/init.d/firewall b/src/initscripts/init.d/firewall
index c51ba35855a1a44ea7d45e2fe5d10fbc0ed19285..9024a88fdae8069f9e74a43b4bb4b09c7496be76 100644 (file)
--- a/src/initscripts/init.d/firewall
+++ b/src/initscripts/init.d/firewall
@@ -149,10 +149,10 @@ case "$1" in
        /sbin/iptables -N CUSTOMFORWARD
        /sbin/iptables -A FORWARD -j CUSTOMFORWARD
        /sbin/iptables -N CUSTOMOUTPUT
+       /sbin/iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
        /sbin/iptables -A OUTPUT -j CUSTOMOUTPUT
        /sbin/iptables -N OUTGOINGFW
        /sbin/iptables -A OUTPUT -j OUTGOINGFW
-       /sbin/iptables -A OUTGOINGFW -m state --state ESTABLISHED,RELATED -j ACCEPT
        /sbin/iptables -t nat -N CUSTOMPREROUTING
        /sbin/iptables -t nat -A PREROUTING -j CUSTOMPREROUTING
        /sbin/iptables -t nat -N CUSTOMPOSTROUTING
@@ -173,6 +173,10 @@ case "$1" in
        /sbin/iptables -A INPUT   -m state --state ESTABLISHED,RELATED -j ACCEPT
        /sbin/iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
        
+       # Accept everything on lo
+       iptables -A INPUT  -i lo -m state --state NEW -j ACCEPT
+       iptables -A OUTPUT -o lo -m state --state NEW -j ACCEPT
+       
        # trafic from ipsecX/TUN/TAP interfaces, before "-i GREEN_DEV" accept everything
        /sbin/iptables -N IPSECINPUT
        /sbin/iptables -N IPSECFORWARD