[Ipcop-svn] SF.net SVN: ipcop:[2798] ipcop/trunk/src/rc.d/rc.firewall

Tue, 05 May 2009 10:56:03 -0700 

Revision: 2798
          http://ipcop.svn.sourceforge.net/ipcop/?rev=2798&view=rev
Author:   owes
Date:     2009-05-05 17:55:23 +0000 (Tue, 05 May 2009)

Log Message:
-----------
REDFORWARD (DMZ -> internet) is now handled in FW_IPCOP_FORWARD and follows the 
policy settings for Orange

Modified Paths:
--------------
    ipcop/trunk/src/rc.d/rc.firewall

Modified: ipcop/trunk/src/rc.d/rc.firewall
===================================================================
--- ipcop/trunk/src/rc.d/rc.firewall    2009-05-05 12:46:45 UTC (rev 2797)
+++ ipcop/trunk/src/rc.d/rc.firewall    2009-05-05 17:55:23 UTC (rev 2798)
@@ -73,7 +73,6 @@
 
 iptables_red() {
     /sbin/iptables -F REDINPUT
-    /sbin/iptables -F REDFORWARD
     /sbin/iptables -t nat -F REDNAT
 
     # PPPoE / PPTP Device
@@ -96,16 +95,6 @@
         /sbin/iptables -A REDINPUT -p udp --source-port 67 --destination-port 
68 -i $DEVICE -j ACCEPT
     fi
 
-    # Orange pinholes
-    if [ 0$ORANGE_COUNT -gt 0 ]; then
-        # This rule enables a host on ORANGE network to connect to the outside
-        # (only if we have a red connection)
-        if [ "$IFACE" != "" ]; then
-            /sbin/iptables -A REDFORWARD -i $ORANGE_1_DEV -p tcp -o $IFACE -j 
ACCEPT
-            /sbin/iptables -A REDFORWARD -i $ORANGE_1_DEV -p udp -o $IFACE -j 
ACCEPT
-        fi
-    fi
-
     if [ "$IFACE" != "" -a -f /var/ipcop/red/active ]; then
         # DHCP
         if [ 0$RED_COUNT -gt 0 -a "$RED_1_TYPE" == "DHCP" ]; then
@@ -195,8 +184,6 @@
     # RED chain, used for the red interface
     /sbin/iptables -N REDINPUT
     /sbin/iptables -A INPUT -j REDINPUT
-    /sbin/iptables -N REDFORWARD
-    /sbin/iptables -A FORWARD -j REDFORWARD
     /sbin/iptables -t nat -N REDNAT
     /sbin/iptables -t nat -A POSTROUTING -j REDNAT
 


This was sent by the SourceForge.net collaborative development platform, the 
world's largest Open Source development site.

------------------------------------------------------------------------------
The NEW KODAK i700 Series Scanners deliver under ANY circumstances! Your
production scanning environment may not be a perfect world - but thanks to
Kodak, there's a perfect scanner to get the job done! With the NEW KODAK i700
Series Scanner you'll get full speed at 300 dpi even with all image 
processing features enabled. http://p.sf.net/sfu/kodak-com
_______________________________________________
Ipcop-svn mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/ipcop-svn

Reply via email to