From: Alexander Marx
Date: Mon, 15 Apr 2013 18:29:15 +0000 (+0200)
Subject: Forward Firewall: rules for collectd now in firewall-policy instead of /etc/init...
X-Git-Url: http://git.ipfire.org/?p=people%2Fteissler%2Fipfire-2.x.git;a=commitdiff_plain;h=aff15defbc1ade178a1fbbf1fa1b592033d4fb77;hp=53f4c74d9bd0eebf70b4540b688be6d6c3e556ab;ds=sidebyside
Forward Firewall: rules for collectd now in firewall-policy instead of /etc/init.d/firewall
---
diff --git a/config/forwardfw/firewall-policy b/config/forwardfw/firewall-policy
index 9af835cc9..0a5cd14b0 100755
--- a/config/forwardfw/firewall-policy
+++ b/config/forwardfw/firewall-policy
@@ -31,6 +31,7 @@ else
 /sbin/iptables -A POLICYFWD -i blue0 ! -o $IFACE -j DROP
 fi
 /sbin/iptables -A POLICYFWD -j ACCEPT
+ /sbin/iptables -A POLICYFWD -m comment --comment "DROP_FORWARD" -j DROP
 fi
 #OUTGOINGFW
@@ -49,6 +50,7 @@ if [ "$POLICY1" == "MODE1" ]; then
 fi
 else
 /sbin/iptables -A POLICYOUT -j ACCEPT
+ /sbin/iptables -A POLICYOUT -m comment --comment "DROP_OUTPUT" -j DROP
 fi
 #INPUT
 if [ "$FWPOLICY2" == "REJECT" ]; then
@@ -63,3 +65,5 @@ if [ "$FWPOLICY2" == "DROP" ]; then
 fi
 /sbin/iptables -A POLICYIN -j DROP -m comment --comment "DROP_INPUT"
 fi
+
+exit 0
diff --git a/src/initscripts/init.d/firewall b/src/initscripts/init.d/firewall
index 3d14143b4..0888145e2 100644
--- a/src/initscripts/init.d/firewall
+++ b/src/initscripts/init.d/firewall
@@ -276,10 +276,6 @@ case "$1" in
 /sbin/iptables -A OUTPUT -j POLICYOUT
 /usr/sbin/firewall-policy
-
- #Only for firewall Hits statistik
- /sbin/iptables -A POLICYFWD -j DROP -m comment --comment "DROP_FORWARD"
- /sbin/iptables -A POLICYOUT -j DROP -m comment --comment "DROP_OUTPUT"
 ;;
 startovpn) # run openvpn
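Review bot: The DROP rule added directly after `/sbin/iptables -A POLICYFWD -j ACCEPT` in the first firewall-policy hunk can never match, because the ACCEPT before it is unconditional, and the comment that explained this in init.d/firewall (`#Only for firewall Hits statistik`) is deleted by the commit instead of moving with the rule. I would carry it over in English, e.g. `# Never matched after the ACCEPT above; present only so the hit statistics find a rule tagged DROP_FORWARD`, so nobody later reads the line as a default-deny. The same applies to the `DROP_OUTPUT` rule added to POLICYOUT in the second hunk. The init script used to append both rules unconditionally after firewall-policy had run; whether the MODE1 branches, which start outside these hunks, still end in a rule carrying these comments cannot be seen here and should be confirmed.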
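Review bot: The unconditional `exit 0` added at the end of firewall-policy reports success even when one of the earlier `/sbin/iptables -A ...` calls failed, so a caller cannot tell a fully installed policy from a partial one. If the aim is only a defined exit status, consider recording failures instead, for example `rc=0` at the top, `|| rc=1` on the rule insertions, and `exit $rc` here. The call site visible in init.d/firewall (`/usr/sbin/firewall-policy`) does not check the status, so this is a hardening suggestion rather than a regression introduced by the commit.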
@@ -317,12 +313,6 @@ case "$1" in
 fi
 /sbin/iptables -A FORWARD -j DROP -m comment --comment "DROP_FORWARD"
- #Only for firewall Hits statistik
- #/sbin/iptables -A POLICYFWD -j DROP -m comment --comment "DROP_FORWARD"
- #/sbin/iptables -A POLICYOUT -j DROP -m comment --comment "DROP_OUTPUT"
-
-
-
 ;;
 stopovpn) # stop openvpn