Forward Firewall: Bugfix: blue was allowed to connect to everywhere if forward firewa...
authorAlexander Marx <amarx@ipfire.org>
Thu, 21 Mar 2013 13:36:29 +0000 (14:36 +0100)
committerMichael Tremer <michael.tremer@ipfire.org>
Fri, 9 Aug 2013 12:11:57 +0000 (14:11 +0200)
config/forwardfw/firewall-policy

index 303a7561b31ab4db2e373da641535830fe01cce6..55287dd074518f3185c8f31241adcb13d12f2bf9 100755 (executable)
@@ -6,6 +6,7 @@ eval $(/usr/local/bin/readhash /var/ipfire/optionsfw/settings)
 iptables -F POLICYFWD
 iptables -F POLICYOUT
 iptables -F POLICYIN
+IFACE=`cat /var/ipfire/red/iface`
 
 #FORWARDFW
 if [ "$POLICY" == "MODE1" ]; then
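Review bot: The new `IFACE=` assignment fails open when `/var/ipfire/red/iface` is absent or empty (red not yet up): `IFACE` is then empty, and the `! -o $IFACE` rule added in the second hunk is passed to iptables as `! -o -j DROP`, so that rule is rejected and blue0 is again allowed to forward everywhere — exactly the bug this commit means to close, only silently. It also uses backticks and leaves the expansion unquoted, whereas the rest of the script already uses `$(...)` on the `readhash` line. I would read it as `IFACE=$(cat /var/ipfire/red/iface 2>/dev/null)` here, and in the second hunk install the rule fail-closed, e.g. `if [ -n "$IFACE" ]; then /sbin/iptables -A POLICYFWD -i blue0 ! -o "$IFACE" -j DROP ...; else /sbin/iptables -A POLICYFWD -i blue0 -j DROP ...; fi`, so blue is blocked rather than opened whenever the red interface name cannot be determined. The second hunk's `@@ +23,7` header announces one more line than is visible, so its trailing context may be cut off.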
@@ -22,6 +23,7 @@ if [ "$POLICY" == "MODE1" ]; then
                        /sbin/iptables -A POLICYFWD -j DROP -m comment --comment "DROP_FORWARD"
                fi
 else
+       /sbin/iptables -A POLICYFWD -i blue0 ! -o $IFACE -j DROP -m comment --comment "DROP_FORWARD_BLUE"
        /sbin/iptables -A POLICYFWD -j ACCEPT -m comment --comment "DROP_FORWARD"
 fi