Forward Firewall: replaced Outgoing-Logging with ForwardFW Logging. And changed Optio...

[people/teissler/ipfire-2.x.git] / src / initscripts / init.d / firewall

diff --git a/src/initscripts/init.d/firewall b/src/initscripts/init.d/firewall
index 4287d33f180cf0808da8918fc7fa5f5d5f3fe505..f4cc2afa8780cf528f3b0cfc756834a56bb61c32 100644 (file)
--- a/src/initscripts/init.d/firewall
+++ b/src/initscripts/init.d/firewall
@@ -287,6 +287,13 @@ case "$1" in
                /sbin/iptables -A FORWARD -m limit --limit 10/minute -j LOG --log-prefix "DROP_OUTPUT "
        fi
        /sbin/iptables -A FORWARD -j DROP -m comment --comment "DROP_OUTPUT"
+       
+       if [ "$DROPFORWARD" == "on" ]; then
+               /sbin/iptables -A FORWARDFW -m limit --limit 10/minute -j LOG --log-prefix "DROP_FORWARDFW "
+       fi
+       /sbin/iptables -A FORWARDFW -j DROP -m comment --comment "DROP_FORWARDFW"
+       
+       
         ;;
   startovpn)  
        # run openvpn
@@ -323,7 +330,11 @@ case "$1" in
                /sbin/iptables -A FORWARD -m limit --limit 10/minute -j LOG --log-prefix "DROP_OUTPUT "
        fi
        /sbin/iptables -A FORWARD -j DROP -m comment --comment "DROP_OUTPUT"
-        ;;
+       if [ "$DROPFORWARD" == "on" ]; then
+               /sbin/iptables -A FORWARDFW -m limit --limit 10/minute -j LOG --log-prefix "DROP_FORWARDFW "
+       fi
+       /sbin/iptables -A FORWARDFW -j DROP -m comment --comment "DROP_FORWARDFW"
+       ;;
   stopovpn)
        # stop openvpn
        /usr/local/bin/openvpnctrl --delete-chains-and-rules