From aff15defbc1ade178a1fbbf1fa1b592033d4fb77 Mon Sep 17 00:00:00 2001
From: Alexander Marx
Date: Mon, 15 Apr 2013 20:29:15 +0200
Subject: [PATCH 1/1] Forward Firewall: rules for collectd now in firewall-policy instead of /etc/init.d/firewall
---
 config/forwardfw/firewall-policy | 4 ++++
 src/initscripts/init.d/firewall | 10 ----------
 2 files changed, 4 insertions(+), 10 deletions(-)
diff --git a/config/forwardfw/firewall-policy b/config/forwardfw/firewall-policy
index 9af835cc9..0a5cd14b0 100755
--- a/config/forwardfw/firewall-policy
+++ b/config/forwardfw/firewall-policy
@@ -31,6 +31,7 @@ else
 /sbin/iptables -A POLICYFWD -i blue0 ! -o $IFACE -j DROP
 fi
 /sbin/iptables -A POLICYFWD -j ACCEPT
+ /sbin/iptables -A POLICYFWD -m comment --comment "DROP_FORWARD" -j DROP
 fi
 #OUTGOINGFW
@@ -49,6 +50,7 @@ if [ "$POLICY1" == "MODE1" ]; then
 fi
 else
 /sbin/iptables -A POLICYOUT -j ACCEPT
+ /sbin/iptables -A POLICYOUT -m comment --comment "DROP_OUTPUT" -j DROP
 fi
 #INPUT
 if [ "$FWPOLICY2" == "REJECT" ]; then
@@ -63,3 +65,5 @@ if [ "$FWPOLICY2" == "DROP" ]; then
 fi
 /sbin/iptables -A POLICYIN -j DROP -m comment --comment "DROP_INPUT"
 fi
+
+exit 0
diff --git a/src/initscripts/init.d/firewall b/src/initscripts/init.d/firewall
index 3d14143b4..0888145e2 100644
--- a/src/initscripts/init.d/firewall
+++ b/src/initscripts/init.d/firewall
@@ -276,10 +276,6 @@ case "$1" in
 /sbin/iptables -A OUTPUT -j POLICYOUT
 /usr/sbin/firewall-policy
-
- #Only for firewall Hits statistik
- /sbin/iptables -A POLICYFWD -j DROP -m comment --comment "DROP_FORWARD"
- /sbin/iptables -A POLICYOUT -j DROP -m comment --comment "DROP_OUTPUT"
 ;;
 startovpn)
 # run openvpn
@@ -317,12 +313,6 @@ case "$1" in
 fi
 /sbin/iptables -A FORWARD -j DROP -m comment --comment "DROP_FORWARD"
- #Only for firewall Hits statistik
- #/sbin/iptables -A POLICYFWD -j DROP -m comment --comment "DROP_FORWARD"
- #/sbin/iptables -A POLICYOUT -j DROP -m comment --comment "DROP_OUTPUT"
-
-
-
 ;;
 stopovpn)
 # stop openvpn
--
2.39.2
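Review bot: In config/forwardfw/firewall-policy (hunks at -31 and -49), the new `DROP_FORWARD` and `DROP_OUTPUT` rules are appended directly after an unconditional `-j ACCEPT` in the same chain, so they can never match and their counters stay at zero. A comment such as `# never reached after ACCEPT; present only so the hit statistics find a DROP_FORWARD rule` would stop a later reader from taking them for a working default-deny. The lines removed from init.d/firewall appended both DROP rules after firewall-policy returned, whichever branch had run, whereas here they are added only in the `else` branches. The MODE1 branches lie outside these hunks, so it should be confirmed that each of them still ends POLICYFWD and POLICYOUT with its own DROP or REJECT rather than falling through. The existing rule in this file writes the target first (`-j DROP -m comment --comment "DROP_INPUT"`), and the new lines would read more consistently in that order.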
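Review bot: The unconditional `exit 0` added at the end of config/forwardfw/firewall-policy (hunk at -63) makes the script report success even if an iptables call above it failed, which hides a partially loaded policy from whatever runs it. The call site visible in init.d/firewall (`/usr/sbin/firewall-policy` on its own line) does not appear to test the status, so nothing breaks today, but the reason for forcing success is not stated. Either add a comment such as `# always return 0 so the init script continues even if a rule could not be added`, or record failures in a flag and `exit` with that value.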