Forward Firewall: delete old portforwarding from system and fix for wlan-firewall...

[people/teissler/ipfire-2.x.git] / src / misc-progs / wirelessctrl.c

diff --git a/src/misc-progs/wirelessctrl.c b/src/misc-progs/wirelessctrl.c
index be6f967c48b5ea3158d806e0efdee07d250f888d..2a6ed0cae1193d34fdcf0d4b106c70142fe7eefa 100644 (file)
--- a/src/misc-progs/wirelessctrl.c
+++ b/src/misc-progs/wirelessctrl.c
@@ -154,29 +154,29 @@ int main(void)
                                                                        (VALID_IP_AND_MASK(ipaddress))) {
                                                                        snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSINPUT -m mac --mac-source %s -s %s -i %s -j ACCEPT", macaddress, ipaddress, blue_dev);
                                                                        safe_system(command);
-                                                                       snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -m mac --mac-source %s -s %s -i %s ! -o %s -j ACCEPT", macaddress, ipaddress, blue_dev, green_dev);
+                                                                       snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -m mac --mac-source %s -s %s -i %s ! -o %s -j RETURN", macaddress, ipaddress, blue_dev, green_dev);
+                                                                       safe_system(command);
+                                                                       snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -m mac --mac-source %s -s %s -i %s -j FORWARDFW", macaddress, ipaddress, blue_dev);
                                                                        safe_system(command);
-                                                                       /*snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -m mac --mac-source %s -s %s -i %s -j DMZHOLES", macaddress, ipaddress, blue_dev);
-                                                                       safe_system(command);*/
                                                        } else {
 
                                                                        /* correctly formed mac address is 17 chars */
                                                                        if (strlen(macaddress) == 17) {
                                                                                                        snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSINPUT -m mac --mac-source %s -i %s -j ACCEPT", macaddress, blue_dev);
                                                                                                        safe_system(command);
-                                                                                                       snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -m mac --mac-source %s -i %s ! -o %s -j ACCEPT", macaddress, blue_dev, green_dev);
+                                                                                                       snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -m mac --mac-source %s -i %s ! -o %s -j RETURN", macaddress, blue_dev, green_dev);
+                                                                                                       safe_system(command);
+                                                                                                       snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -m mac --mac-source %s -i %s -j FORWARDFW", macaddress, blue_dev);
                                                                                                        safe_system(command);
-                                                                                                       /*snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -m mac --mac-source %s -i %s -j DMZHOLES", macaddress, blue_dev);
-                                                                                                       safe_system(command);*/
                                                                        }
 
                                                                        if (VALID_IP_AND_MASK(ipaddress)) {
                                                                                                        snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSINPUT -s %s -i %s -j ACCEPT", ipaddress, blue_dev);
                                                                                                        safe_system(command);
-                                                                                                       snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -s %s -i %s ! -o %s -j ACCEPT", ipaddress, blue_dev, green_dev);
+                                                                                                       snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -s %s -i %s ! -o %s -j RETURN", ipaddress, blue_dev, green_dev);
+                                                                                                       safe_system(command);
+                                                                                                       snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -s %s -i %s -j FORWARDFW", ipaddress, blue_dev);
                                                                                                        safe_system(command);
-                                                                                                       /*snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -s %s -i %s -j DMZHOLES", ipaddress, blue_dev);
-                                                                                                       safe_system(command);*/
                                                                        }
                                                        }
                                                        }