This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated
       via  8089b78d9d955cc7b4c4a6284b2499c9e234a799 (commit)
      from  ea219d3a0f77a4d45cf42d8e7d3ee9dc3db63bbc (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log -----------------------------------------------------------------
commit 8089b78d9d955cc7b4c4a6284b2499c9e234a799
Author: Arne Fitzenreiter arne_f@ipfire.org
Date: Sat Mar 29 15:06:35 2014 +0100
firewall-policy: fix drop and logging on red0;
-----------------------------------------------------------------------
Summary of changes:
 config/firewall/firewall-policy | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
Difference in files: diff --git a/config/firewall/firewall-policy b/config/firewall/firewall-policy index 2c583c5..6990fa9 100755 --- a/config/firewall/firewall-policy +++ b/config/firewall/firewall-policy @@ -112,11 +112,29 @@ case "${POLICY}" in *) if [ -n "${IFACE}" ]; then if [ "${HAVE_BLUE}" = "true" ] && [ -n "${BLUE_DEV}" ]; then + if [ "${DROPFORWARD}" = "on" ]; then + iptables -A POLICYFWD -i "${BLUE_DEV}" ! -o "${IFACE}" -m limit --limit 10/minute -j LOG --log-prefix "DROP_FORWARD " + fi iptables -A POLICYFWD -i "${BLUE_DEV}" ! -o "${IFACE}" -j DROP fi if [ "${HAVE_ORANGE}" = "true" ] && [ -n "${ORANGE_DEV}" ]; then + if [ "${DROPFORWARD}" = "on" ]; then + iptables -A POLICYFWD -i "${ORANGE_DEV}" ! -o "${IFACE}" -m limit --limit 10/minute -j LOG --log-prefix "DROP_FORWARD " + fi iptables -A POLICYFWD -i "${ORANGE_DEV}" ! -o "${IFACE}" -j DROP fi + + if [ "${DROPFORWARD}" = "on" ]; then + iptables -A POLICYFWD -i "${IFACE}" -m limit --limit 10/minute -j LOG --log-prefix "DROP_FORWARD " + fi + iptables -A POLICYFWD -i "${IFACE}" -j DROP + + if [ "${IFACE}" != "${RED_DEV}" ]; then + if [ "${DROPFORWARD}" = "on" ]; then + iptables -A POLICYFWD -i "${RED_DEV}" -m limit --limit 10/minute -j LOG --log-prefix "DROP_FORWARD " + fi + iptables -A POLICYFWD -i "${RED_DEV}" -j DROP + fi fi iptables -A POLICYFWD -j ACCEPT iptables -A POLICYFWD -m comment --comment "DROP_FORWARD" -j DROP
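Review bot: the last added block is missing a non-empty check on RED_DEV. It tests only [ "${IFACE}" != "${RED_DEV}" ] before appending rules with -i "${RED_DEV}", whereas the BLUE and ORANGE blocks in the same hunk guard their device variables with -n. If RED_DEV is empty while IFACE is set, the comparison is true and both iptables calls run with an empty -i argument. Suggest writing the condition as [ -n "${RED_DEV}" ] && [ "${IFACE}" != "${RED_DEV}" ]. As a style point, the hunk now has four copies of the same rate-limited LOG rule followed by a DROP with identical match arguments; a small shell function that takes the match arguments and emits both rules would keep the log prefix, the 10/minute limit and the DROPFORWARD test in one place.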
hooks/post-receive -- IPFire 2.x development tree