From mboxrd@z Thu Jan 1 00:00:00 1970
From: git@ipfire.org
To: ipfire-scm@lists.ipfire.org
Subject: [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 8089b78d9d955cc7b4c4a6284b2499c9e234a799
Date: Sat, 29 Mar 2014 15:07:12 +0100
Message-ID: <20140329140716.2BC7B20A37@argus.ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============2300318568349047539=="
List-Id:

--===============2300318568349047539==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".

The branch, next has been updated
       via  8089b78d9d955cc7b4c4a6284b2499c9e234a799 (commit)
      from  ea219d3a0f77a4d45cf42d8e7d3ee9dc3db63bbc (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 8089b78d9d955cc7b4c4a6284b2499c9e234a799
Author: Arne Fitzenreiter
Date:   Sat Mar 29 15:06:35 2014 +0100

    firewall-policy: fix drop and logging on red0;

-----------------------------------------------------------------------

Summary of changes:
 config/firewall/firewall-policy | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

Difference in files:
diff --git a/config/firewall/firewall-policy b/config/firewall/firewall-policy
index 2c583c5..6990fa9 100755
--- a/config/firewall/firewall-policy
+++ b/config/firewall/firewall-policy
@@ -112,11 +112,29 @@ case "${POLICY}" in *) if [ -n "${IFACE}" ]; then if [ "${HAVE_BLUE}" =3D "true" ] && [ -n "${BLUE_DEV}" ]; then + if [ "${DROPFORWARD}" =3D "on" ]; then + iptables -A POLICYFWD -i "${BLUE_DEV}" ! -o "${IFACE}" -m limit --limit= 10/minute -j LOG --log-prefix "DROP_FORWARD " + fi iptables -A POLICYFWD -i "${BLUE_DEV}" ! -o "${IFACE}" -j DROP fi if [ "${HAVE_ORANGE}" =3D "true" ] && [ -n "${ORANGE_DEV}" ]; then + if [ "${DROPFORWARD}" =3D "on" ]; then + iptables -A POLICYFWD -i "${ORANGE_DEV}" ! -o "${IFACE}" -m limit --lim= it 10/minute -j LOG --log-prefix "DROP_FORWARD " + fi iptables -A POLICYFWD -i "${ORANGE_DEV}" ! -o "${IFACE}" -j DROP fi + + if [ "${DROPFORWARD}" =3D "on" ]; then + iptables -A POLICYFWD -i "${IFACE}" -m limit --limit 10/minute -j LOG --= log-prefix "DROP_FORWARD " + fi + iptables -A POLICYFWD -i "${IFACE}" -j DROP + + if [ "${IFACE}" !=3D "${RED_DEV}" ]; then + if [ "${DROPFORWARD}" =3D "on" ]; then + iptables -A POLICYFWD -i "${RED_DEV}" -m limit --limit 10/minute -j LOG= --log-prefix "DROP_FORWARD " + fi + iptables -A POLICYFWD -i "${RED_DEV}" -j DROP + fi fi iptables -A POLICYFWD -j ACCEPT iptables -A POLICYFWD -m comment --comment "DROP_FORWARD" -j DROP hooks/post-receive -- IPFire 2.x development tree --===============2300318568349047539==--
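
Review bot: the new RED_DEV block at the end of the hunk tests only `[ "${IFACE}" != "${RED_DEV}" ]`, with no check that RED_DEV is set. IFACE is known to be non-empty at this point, so an unset or empty RED_DEV still passes the comparison and the LOG and DROP rules are appended with `-i ""`. The BLUE and ORANGE branches directly above guard their device with `[ -n "${BLUE_DEV}" ]` and `[ -n "${ORANGE_DEV}" ]`; adding `[ -n "${RED_DEV}" ] &&` to this test would keep the three consistent. The LOG-then-DROP pair is also repeated four times with only the match arguments changing, so a small helper that takes the match arguments would keep the `--limit 10/minute` rate and the "DROP_FORWARD " prefix in one place. Since every rule is added with `-A`, the new `-i "${IFACE}" -j DROP` only affects packets that reach this position in POLICYFWD, and a one-line comment saying which earlier rules are expected to have accepted legitimate traffic before it would help the next reader.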