This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated
       via  fded6faa72d581114e25ddb17bcc607625736fdc (commit)
       via  c0e0848f999ed8944ae551047fdea32bfee88d03 (commit)
       via  8e59a6022bf7cb225c3509be2964833cce0e630c (commit)
       via  763190af8e3272a1edd582e1e1736bfc8c0c1baa (commit)
      from  9d707db06eef14a519ed1e5091a6d12f50b452d4 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log -----------------------------------------------------------------
commit fded6faa72d581114e25ddb17bcc607625736fdc
Merge: 9d707db c0e0848
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu May 22 23:11:43 2014 +0200
Merge remote-tracking branch 'ms/firewall-block-green' into next
commit c0e0848f999ed8944ae551047fdea32bfee88d03
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue May 20 11:41:23 2014 +0200
firewall: Allow blocking access to GREEN from GREEN.
commit 8e59a6022bf7cb225c3509be2964833cce0e630c
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue May 20 11:27:24 2014 +0200
firewall: Rename GUIINPUT chain to ICMPINPUT.
The name of the chain does not really explain what it does.
commit 763190af8e3272a1edd582e1e1736bfc8c0c1baa
Merge: 30b1c1c 33df321
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue May 20 11:25:48 2014 +0200
Merge remote-tracking branch 'origin/master' into next
-----------------------------------------------------------------------
Summary of changes:
 config/firewall/firewall-policy | 3 +++
 src/initscripts/init.d/firewall | 13 ++++++++-----
 2 files changed, 11 insertions(+), 5 deletions(-)
Difference in files: diff --git a/config/firewall/firewall-policy b/config/firewall/firewall-policy index 96b9b2f..4ba1ace 100755 --- a/config/firewall/firewall-policy +++ b/config/firewall/firewall-policy @@ -57,6 +57,9 @@ HAVE_OPENVPN="true"
# INPUT
+# Allow access from GREEN +iptables -A POLICYIN -i "${GREEN_DEV}" -j ACCEPT + # IPsec INPUT case "${HAVE_IPSEC},${POLICY}" in true,MODE1) ;; diff --git a/src/initscripts/init.d/firewall b/src/initscripts/init.d/firewall index 8371781..7a18502 100644 --- a/src/initscripts/init.d/firewall +++ b/src/initscripts/init.d/firewall @@ -120,10 +120,10 @@ iptables_init() { iptables -N IPTVFORWARD iptables -A FORWARD -j IPTVFORWARD
- # filtering from GUI - iptables -N GUIINPUT - iptables -A INPUT -j GUIINPUT - iptables -A GUIINPUT -p icmp --icmp-type 8 -j ACCEPT + # Allow to ping the firewall. + iptables -N ICMPINPUT + iptables -A INPUT -j ICMPINPUT + iptables -A ICMPINPUT -p icmp --icmp-type 8 -j ACCEPT
# Accept everything on loopback iptables -N LOOPBACK @@ -179,7 +179,10 @@ iptables_init() { iptables -t nat -A POSTROUTING -j IPSECNAT
# localhost and ethernet. - iptables -A INPUT -i $GREEN_DEV -m conntrack --ctstate NEW -j ACCEPT ! -p icmp + # Always allow accessing the web GUI from GREEN. + iptables -N GUIINPUT + iptables -A INPUT -j GUIINPUT + iptables -A GUIINPUT -i "${GREEN_DEV}" -p tcp --dport 444 -j ACCEPT
# WIRELESS chains iptables -N WIRELESSINPUT
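Review bot: In config/firewall/firewall-policy (hunk at -57,6), the new POLICYIN rule is broader than the INPUT rule it replaces. The removed line in init.d/firewall matched only new connections and excluded ICMP (-m conntrack --ctstate NEW ... ! -p icmp), while the added rule accepts every packet arriving on "${GREEN_DEV}" regardless of protocol or state. If accepting all ICMP types from GREEN by default is intended, say so in the comment or the commit message; otherwise carry the protocol exclusion over. The comment "Allow access from GREEN" would also be clearer if it stated that this is the default that applies when no earlier rule has blocked the traffic, since that is what the commit title is about.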
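Review bot: In src/initscripts/init.d/firewall (hunk at -120,10), the ICMPINPUT rule still uses the numeric type in --icmp-type 8; since the point of the rename is readability, consider --icmp-type echo-request so the rule explains itself. The rule has no -i match, so echo requests are accepted on every interface, which is unchanged behaviour but worth stating in the comment. Minor wording: "Allow to ping the firewall." reads better as "Allow pinging the firewall."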
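Review bot: In src/initscripts/init.d/firewall (hunk at -179,7), the context comment "# localhost and ethernet." is left above the new block and no longer describes it; remove it or replace it with the new comment. Port 444 is hard-coded in the GUIINPUT rule; a named variable would keep this rule in step with the web server configuration if the port ever changes. The GUIINPUT name is also reused here for a different purpose than the chain renamed in the previous hunk, which makes the two commits harder to follow in history; a short note in the commit message would help.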
hooks/post-receive -- IPFire 2.x development tree