From fb61ec6715f8bcf9005477563a6449f51725f286 Mon Sep 17 00:00:00 2001
From: Alexander Marx
Date: Thu, 21 Mar 2013 14:36:29 +0100
Subject: [PATCH] Forward Firewall: Bugfix: blue was allowed to connect to everywhere if forward firewall was open

---
 config/forwardfw/firewall-policy | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/config/forwardfw/firewall-policy b/config/forwardfw/firewall-policy
index 303a7561b..55287dd07 100755
--- a/config/forwardfw/firewall-policy
+++ b/config/forwardfw/firewall-policy
@@ -6,6 +6,7 @@ eval $(/usr/local/bin/readhash /var/ipfire/optionsfw/settings)
 iptables -F POLICYFWD
 iptables -F POLICYOUT
 iptables -F POLICYIN
+IFACE=`cat /var/ipfire/red/iface`
 #FORWARDFW
 if [ "$POLICY" == "MODE1" ]; then
@@ -22,6 +23,7 @@ if [ "$POLICY" == "MODE1" ]; then
 /sbin/iptables -A POLICYFWD -j DROP -m comment --comment "DROP_FORWARD"
 fi
 else
+ /sbin/iptables -A POLICYFWD -i blue0 ! -o $IFACE -j DROP -m comment --comment "DROP_FORWARD_BLUE"
 /sbin/iptables -A POLICYFWD -j ACCEPT -m comment --comment "DROP_FORWARD"
 fi
--
2.39.2
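Review bot: The new `IFACE=` assignment in the first hunk has no failure handling, so if /var/ipfire/red/iface is missing or empty (red down, not yet configured) IFACE is empty and the unquoted `! -o $IFACE` in the second hunk becomes `! -o -j DROP`, which iptables rejects; the script does not stop, the following unconditional ACCEPT is still appended, and blue is again allowed everywhere — the exact condition this commit is fixing, now failing open silently. Read the interface with `IFACE=$(cat /var/ipfire/red/iface 2>/dev/null)`, quote it as `! -o "$IFACE"`, and guard the open-policy branch with `[ -n "$IFACE" ] || { echo "red interface unknown, not opening forward policy" >&2; exit 1; }` so an unknown red device leaves the chain closed rather than open. The hard-coded `blue0` is a second, smaller point: if the blue device name is available from a settings file the script already evals, it is presumably safer to use that variable than a literal. The `if`/`else` that the second hunk's new line sits in begins outside the hunk.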