fi
# Outgoing masquerading (don't masqerade IPSEC (mark 50))
- #/sbin/iptables -t nat -A REDNAT -m mark --mark 50 -o $IFACE -j RETURN
- #/sbin/iptables -t nat -A REDNAT -o $IFACE -j MASQUERADE
+ /sbin/iptables -t nat -A REDNAT -m mark --mark 50 -o $IFACE -j RETURN
+ /sbin/iptables -t nat -A REDNAT -o $IFACE -j MASQUERADE
fi
}
/sbin/iptables -A OUTPUT -j POLICYOUT
/usr/sbin/firewall-policy
-
- #Only for firewall Hits statistik
- /sbin/iptables -A POLICYFWD -j DROP -m comment --comment "DROP_FORWARD"
- /sbin/iptables -A POLICYOUT -j DROP -m comment --comment "DROP_OUTPUT"
;;
startovpn)
# run openvpn
if [ -x /etc/sysconfig/firewall.local ]; then
/etc/sysconfig/firewall.local stop
fi
-
+ /sbin/iptables -A INPUT -j DROP -m comment --comment "DROP_INPUT"
if [ "$DROPINPUT" == "on" ]; then
/sbin/iptables -A INPUT -m limit --limit 10/minute -j LOG --log-prefix "DROP_INPUT "
fi
- /sbin/iptables -A INPUT -j DROP -m comment --comment "DROP_INPUT"
if [ "$DROPFORWARD" == "on" ]; then
/sbin/iptables -A FORWARD -m limit --limit 10/minute -j LOG --log-prefix "DROP_FORWARD "
fi
/sbin/iptables -A FORWARD -j DROP -m comment --comment "DROP_FORWARD"
- #Only for firewall Hits statistik
- #/sbin/iptables -A POLICYFWD -j DROP -m comment --comment "DROP_FORWARD"
- #/sbin/iptables -A POLICYOUT -j DROP -m comment --comment "DROP_OUTPUT"
-
-
-
;;
stopovpn)
# stop openvpn
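Review bot: The added `/sbin/iptables -A INPUT -j DROP -m comment --comment "DROP_INPUT"` is appended to INPUT before the conditional `-m limit ... -j LOG --log-prefix "DROP_INPUT "` rule that follows it, and because `-A` appends in order and DROP is a terminating target, the LOG rule behind it can never match, so enabling `DROPINPUT` no longer logs anything. The FORWARD chain a few lines below keeps the working order (LOG inside the `if`, then DROP after the `fi`), so INPUT should match it: move the DROP line back below the `fi` that closes the `DROPINPUT` block, where the removed line had it. Dropping the trailing DROP rules from POLICYFWD and POLICYOUT also leaves those chains without a terminating target in this script; presumably `/usr/sbin/firewall-policy` installs the final disposition, but that is not visible here. The `startovpn)` arm is fully within the hunk, but the enclosing `case` statement begins outside it.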