diff mbox series

apply default firewall policy for ORANGE, too

Message ID c1d0f015-db7a-cbc6-a003-206e4e16e541@ipfire.org
State Accepted
Commit e01e07ec8b770eb849a42ad3f8c0f67e55faf905
Headers
Series apply default firewall policy for ORANGE, too |

Commit Message

Peter Müller Feb. 7, 2019, 8 a.m. UTC 
  If firewall default policy is set to DROP, this setting was not
applied to outgoing ORANGE traffic as well, which was misleading.

Fixes #11973

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Cc: Michael Tremer <michael.tremer@ipfire.org>
Cc: Oliver Fuhrer <oliver.fuhrer@bluewin.ch>
---
 src/initscripts/system/firewall | 13 ++-----------
 1 file changed, 2 insertions(+), 11 deletions(-)
diff mbox series

Patch

diff --git a/src/initscripts/system/firewall b/src/initscripts/system/firewall
index 707209987..b9dd3485e 100644
--- a/src/initscripts/system/firewall
+++ b/src/initscripts/system/firewall
@@ -294,7 +294,7 @@  iptables_init() {
 	iptables -N OVPNINPUT
 	iptables -A INPUT -j OVPNINPUT
 
-	# TOR
+	# Tor
 	iptables -N TOR_INPUT
 	iptables -A INPUT -j TOR_INPUT
 	
@@ -414,15 +414,6 @@  iptables_red_up() {
 		iptables -A REDINPUT -p udp --source-port 67 --destination-port 68 -i $DEVICE -j ACCEPT
 	fi
 
-	# Orange pinholes
-	if [ "$ORANGE_DEV" != "" ]; then
-		# This rule enables a host on ORANGE network to connect to the outside
-		# (only if we have a red connection)
-		if [ "$IFACE" != "" ]; then
-			iptables -A REDFORWARD -i $ORANGE_DEV -o $IFACE -j ACCEPT
-		fi
-	fi
-
 	if [ "$IFACE" != "" -a -f /var/ipfire/red/active ]; then
 		# DHCP
 		if [ "$RED_DEV" != "" -a "$RED_TYPE" == "DHCP" ]; then
@@ -470,7 +461,7 @@  iptables_red_up() {
 
 iptables_red_down() {
 	# Prohibit packets to reach the masquerading rule
-	# while the wan interface is down - this is required to
+	# while the WAN interface is down - this is required to
 	# circumvent udp related NAT issues
 	# http://forum.ipfire.org/index.php?topic=11127.0
 	if [ -n "${IFACE}" ]; then