iptables -F POLICYFWD
iptables -F POLICYOUT
-
+iptables -F POLICYIN
if [ "$POLICY" == "MODE1" ]; then
if [ "$FWPOLICY" == "REJECT" ]; then
if [ "$DROPFORWARD" == "on" ]; then
/sbin/iptables -A POLICYFWD -m limit --limit 10/minute -j LOG --log-prefix "REJECT_FORWARD"
fi
- /sbin/iptables -A POLICYFWD -j REJECT --reject-with icmp-host-unreachable -m comment --comment "DROP_FORWARD"
+ /sbin/iptables -A POLICYFWD -j REJECT --reject-with icmp-host-unreachable -m comment --comment "REJECT_FORWARD"
fi
if [ "$FWPOLICY" == "DROP" ]; then
if [ "$DROPFORWARD" == "on" ]; then
if [ "$DROPOUTGOING" == "on" ]; then
/sbin/iptables -A POLICYOUT -m limit --limit 10/minute -j LOG --log-prefix "REJECT_OUTPUT"
fi
- /sbin/iptables -A POLICYOUT -j REJECT --reject-with icmp-host-unreachable -m comment --comment "DROP_OUTPUT"
+ /sbin/iptables -A POLICYOUT -j REJECT --reject-with icmp-host-unreachable -m comment --comment "REJECT_OUTPUT"
fi
if [ "$FWPOLICY1" == "DROP" ]; then
if [ "$DROPOUTGOING" == "on" ]; then
/sbin/iptables -A POLICYOUT -j DROP -m comment --comment "DROP_OUTPUT"
fi
fi
-
+#INPUT
+if [ "$FWPOLICY2" == "REJECT" ]; then
+ if [ "$DROPINPUT" == "on" ]; then
+ /sbin/iptables -A POLICYIN -m limit --limit 10/minute -j LOG --log-prefix "REJECT_INPUT"
+ fi
+ /sbin/iptables -A POLICYIN -j REJECT --reject-with icmp-host-unreachable -m comment --comment "REJECT_FORWARD"
+fi
+if [ "$FWPOLICY2" == "DROP" ]; then
+ if [ "$DROPINPUT" == "on" ]; then
+ /sbin/iptables -A POLICYIN -m limit --limit 10/minute -j LOG --log-prefix "DROP_FORWARD"
+ fi
+ /sbin/iptables -A POLICYIN -j DROP -m comment --comment "DROP_FORWARD"
+fi
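Review bot: The labels on the new POLICYIN rules are copied from the forward chain, so input traffic will be logged and annotated as forward traffic. The REJECT rule carries `--comment "REJECT_FORWARD"`, and the DROP branch uses `--log-prefix "DROP_FORWARD"` and `--comment "DROP_FORWARD"`. Anyone filtering the kernel log by prefix or reading the rule listing would attribute rejected or dropped input packets to the FORWARD path. These should read `"REJECT_INPUT"`, `"DROP_INPUT"` and `"DROP_INPUT"`, matching the `"REJECT_INPUT"` log prefix the REJECT branch already uses. The closing of the enclosing `if [ "$POLICY" == "MODE1" ]` is not visible here, so a short comment after `#INPUT` stating whether this block applies in every mode would help the next reader.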
$checked{'SHOWDROPDOWN'}{$settings{'SHOWDROPDOWN'}} = "checked='checked'";
$selected{'FWPOLICY'}{$settings{'FWPOLICY'}}= 'selected';
$selected{'FWPOLICY1'}{$settings{'FWPOLICY1'}}= 'selected';
+$selected{'FWPOLICY2'}{$settings{'FWPOLICY2'}}= 'selected';
&Header::openbox('100%', 'center', $Lang::tr{'options fw'});
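Review bot: No default for `FWPOLICY2` is visible in this hunk, and the firewall script appends a rule to POLICYIN only when the value is exactly `REJECT` or `DROP`. On a system whose settings file predates this option the key is presumably empty, which would leave POLICYIN flushed with no terminating rule, so the input default would depend on whatever follows that chain. Consider initialising it next to the other defaults, e.g. `$settings{'FWPOLICY2'} = 'DROP';` before the settings file is read, and accepting only `DROP` or `REJECT` when the form is saved. The defaults block and the save handler are outside the hunk, so confirm they do not already cover this.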
<option value='DROP' $selected{'FWPOLICY1'}{'DROP'}>DROP</option>
<option value='REJECT' $selected{'FWPOLICY1'}{'REJECT'}>REJECT</option></select>
</td></tr>
+<tr><td align='left' width='60%'>$Lang::tr{'drop action2'}</td><td><select name='FWPOLICY2'>
+<option value='DROP' $selected{'FWPOLICY2'}{'DROP'}>DROP</option>
+<option value='REJECT' $selected{'FWPOLICY2'}{'REJECT'}>REJECT</option></select>
+</td></tr>
</table>
<br />
'advproxy banned mac clients' => 'Gesperrte MAC-Adressen (eine pro Zeile)',
'advproxy cache management' => 'Cacheverwaltung',
'advproxy cache replacement policy' => 'Cache Ersetzungsrichtlinie',
-'advproxy cache-digest' => 'Cache-Digest-Erstellung aktivieren',
'advproxy chgwebpwd ERROR' => 'F E H L E R :',
'advproxy chgwebpwd SUCCESS' => 'E R F O L G :',
'advproxy chgwebpwd change password' => 'Passwort ändern',
'driver' => 'Treiber',
'drop action' => 'Standardverhalten der (Forward) Firewall in Modus "Blocked"',
'drop action1' => 'Standardverhalten der (Outgoing) Firewall in Modus "Blocked"',
+'drop action2' => 'Standardverhalten der (INPUT) Firewall',
'drop input' => 'Verworfene Input Pakete loggen',
'drop newnotsyn' => 'Verworfene New Not Syn Pakete loggen',
'drop forward' => 'Verworfene (Forward) Firewall-Pakete loggen',
'wlanap encryption' => 'Verschlüsselung',
'wlanap informations' => 'Informationen',
'wlanap interface' => 'Interface übernehmen',
-'wlanap invalid wpa' => 'Ungültige Länge in WPA-Passphrase. Muss zwischen 8 und 63 ASCII-Zeichen lang sein.',
+'wlanap invalid wpa' => 'Ungültige Länge in WPA-Passphrase. Muss zwischen 8 und 63 Zeichen lang sein.',
'wlanap link dhcp' => 'Wireless Lan DHCP-Einstellungen',
'wlanap link wireless' => 'Wireless Lan Clients freischalten',
'wlanap no interface' => 'Ausgewähltes Interface ist keine WLAN-Karte!',
'advproxy banned mac clients' => 'Banned MAC addresses (one per line)',
'advproxy cache management' => 'Cache management',
'advproxy cache replacement policy' => 'Cache replacement policy',
-'advproxy cache-digest' => 'Enable Cache-Digest Generation',
'advproxy chgwebpwd ERROR' => 'E R R O R :',
'advproxy chgwebpwd SUCCESS' => 'S U C C E S S :',
'advproxy chgwebpwd change password' => 'Change password',
'driver' => 'Driver',
'drop action' => 'Default behaviour of (forward) firewall in mode "Blocked"',
'drop action1' => 'Default behaviour of (outgoing) firewall in mode "Blocked"',
+'drop action2' => 'Default behaviour of (input) firewall',
'drop input' => 'Log dropped input pakets',
'drop newnotsyn' => 'Log dropped new not syn pakets',
'drop forward' => 'Log dropped forward pakets',
'wlanap encryption' => 'Encryption',
'wlanap informations' => 'Informations',
'wlanap interface' => 'Select interface',
-'wlanap invalid wpa' => 'Invalid length in WPA Passphrase. Must be between 8 and 63 ascii characters.',
+'wlanap invalid wpa' => 'Invalid length in WPA Passphrase. Must be between 8 and 63 characters.',
'wlanap link dhcp' => 'Wireless lan DHCP configuration',
'wlanap link wireless' => 'Activate wireless lan clients',
'wlanap no interface' => 'Selected interface is not a wirless lan card!',