[v2,2/4] firewall: Fixes bug12981 - add if loop to log or not log dropped hostile traffic
Commit Message
- Depending on the choice made in optionsfw.cgi, this if statement will either log or
not log the dropped hostile traffic.
Fixes: bug12981
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
src/initscripts/system/firewall | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
@@ -177,7 +177,9 @@ iptables_init() {
iptables -A OUTPUT -j HOSTILE
iptables -N HOSTILE_DROP
- iptables -A HOSTILE_DROP -m limit --limit 10/second -j LOG --log-prefix "DROP_HOSTILE "
+ if [ "$LOGDROPHOSTILE" == "on" ]; then
+ iptables -A HOSTILE_DROP -m limit --limit 10/second -j LOG --log-prefix "DROP_HOSTILE "
+ fi
iptables -A HOSTILE_DROP -j DROP -m comment --comment "DROP_HOSTILE"
# IP Address Blocklist chains
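Review bot: The new test on `LOGDROPHOSTILE` adds the LOG rule only for the exact string `on`, so an unset or empty variable silently turns off DROP_HOSTILE logging, for example on an existing install whose settings file does not yet carry the key. The hunk does not show where the variable is read or defaulted (iptables_init starts and ends outside it), so if no default is set elsewhere in the series, consider `if [ "${LOGDROPHOSTILE:-on}" = "on" ]; then` to keep the previous always-log behaviour until the administrator opts out. The single `=` is also the portable form inside `[ ]`; `==` works only where the script's shell accepts it. A short comment such as `# Log hostile drops unless disabled in optionsfw.cgi` above the test would tie the rule to the setting.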