Forward Firewall: some changes in firewall script to make collectd work

author Alexander Marx <amarx@ipfire.org>

Mon, 15 Apr 2013 13:02:50 +0000 (15:02 +0200)

committer Michael Tremer <michael.tremer@ipfire.org>

Fri, 9 Aug 2013 12:13:10 +0000 (14:13 +0200)
author Alexander Marx <amarx@ipfire.org>
Mon, 15 Apr 2013 13:02:50 +0000 (15:02 +0200)
committer Michael Tremer <michael.tremer@ipfire.org>
Fri, 9 Aug 2013 12:13:10 +0000 (14:13 +0200)
diff --git a/config/collectd/collectd.conf b/config/collectd/collectd.conf

index e222d5cb72c2ae535cf9c8e22633846cdd70879b..14dd568c2ffd3369a13ef48e78800a5063357d48 100644 (file)
--- a/config/collectd/collectd.conf
+++ b/config/collectd/collectd.conf
@@ -23,7 +23,7 @@ LoadPlugin memory
  LoadPlugin ping
  LoadPlugin processes
  LoadPlugin rrdtool
-#LoadPlugin sensors
+LoadPlugin sensors
  LoadPlugin swap
  LoadPlugin syslog
  #LoadPlugin wireless
diff --git a/config/forwardfw/firewall-policy b/config/forwardfw/firewall-policy

index 6e648e2685865df719973d28aaa608743eb16b93..9af835cc9cc92261f6333572a1ad855a7bf4f9d3 100755 (executable)
--- a/config/forwardfw/firewall-policy
+++ b/config/forwardfw/firewall-policy
@@ -2,11 +2,15 @@
  
  eval $(/usr/local/bin/readhash /var/ipfire/forward/settings)
  eval $(/usr/local/bin/readhash /var/ipfire/optionsfw/settings)
+eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
  
  iptables -F POLICYFWD
  iptables -F POLICYOUT
  iptables -F POLICYIN
-IFACE=`cat /var/ipfire/red/iface`
+
+if [ -f "/var/ipfire/red/iface" ]; then
+       IFACE=`cat /var/ipfire/red/iface`
+fi
  
  #FORWARDFW
  if [ "$POLICY" == "MODE1" ]; then
@@ -23,7 +27,9 @@ if [ "$POLICY" == "MODE1" ]; then
                         /sbin/iptables -A POLICYFWD -j DROP -m comment --comment "DROP_FORWARD"
                 fi
  else
-       /sbin/iptables -A POLICYFWD -i blue0 ! -o $IFACE -j DROP 
+       if [  "$BLUE_DEV" ] && [ "$IFACE" ]; then
+               /sbin/iptables -A POLICYFWD -i blue0 ! -o $IFACE -j DROP 
+       fi
         /sbin/iptables -A POLICYFWD -j ACCEPT 
  fi
  
diff --git a/src/initscripts/init.d/firewall b/src/initscripts/init.d/firewall

index 24dee132a2ce8e6d83835a55c71ab3967f21278e..3d14143b458d78eeb72c230a7cd5c0787dd791a3 100644 (file)
--- a/src/initscripts/init.d/firewall
+++ b/src/initscripts/init.d/firewall
@@ -120,8 +120,8 @@ iptables_red() {
                 fi
  
                 # Outgoing masquerading (don't masqerade IPSEC (mark 50))
-               /sbin/iptables -t nat -A REDNAT -m mark --mark 50 -o $IFACE -j RETURN
-               /sbin/iptables -t nat -A REDNAT -o $IFACE -j MASQUERADE
+               #/sbin/iptables -t nat -A REDNAT -m mark --mark 50 -o $IFACE -j RETURN
+               #/sbin/iptables -t nat -A REDNAT -o $IFACE -j MASQUERADE
  
         fi
  }
@@ -318,8 +318,8 @@ case "$1" in
         /sbin/iptables -A FORWARD -j DROP -m comment --comment "DROP_FORWARD"
         
         #Only for firewall Hits statistik
-       /sbin/iptables -A POLICYFWD -j DROP  -m comment --comment "DROP_FORWARD"
-       /sbin/iptables -A POLICYOUT -j DROP  -m comment --comment "DROP_OUTPUT"
+       #/sbin/iptables -A POLICYFWD -j DROP  -m comment --comment "DROP_FORWARD"
+       #/sbin/iptables -A POLICYOUT -j DROP  -m comment --comment "DROP_OUTPUT"
author	Alexander Marx <amarx@ipfire.org>
	Mon, 15 Apr 2013 13:02:50 +0000 (15:02 +0200)
committer	Michael Tremer <michael.tremer@ipfire.org>
	Fri, 9 Aug 2013 12:13:10 +0000 (14:13 +0200)
config/collectd/collectd.conf		patch \| blob \| blame \| history
config/forwardfw/firewall-policy		patch \| blob \| blame \| history
src/initscripts/init.d/firewall		patch \| blob \| blame \| history