From e1047e9c47a5f87daf4fe812ab252192f2cfdb1a Mon Sep 17 00:00:00 2001
From: Christoph
Date: Fri, 30 Oct 2020 15:00:46 +0100
Subject: [PATCH] Some more or less minor changes..
---
 ip6t-firewall-server | 10 ++++++----
 ipt-firewall-server | 10 ++++++----
 2 files changed, 12 insertions(+), 8 deletions(-)
diff --git a/ip6t-firewall-server b/ip6t-firewall-server
index a8af6e1..66c4f0c 100755
--- a/ip6t-firewall-server
+++ b/ip6t-firewall-server
@@ -311,14 +311,12 @@ echononl "\tPass through Devices (not firewalled)"
 if [[ ${#unprotected_if_arr[@]} -gt 0 ]]; then
 for _dev in ${unprotected_if_arr[@]} ; do
 if $log_unprotected || $log_all ; then
- $ip6t -A INPUT -i $_dev -j $LOG_TARGET $tag_log_prefix "$log_prefix Not firewalled ${_dev}: "
+ $ip6t -t mangle -A PREROUTING -i $_dev -j $LOG_TARGET $tag_log_prefix "$log_prefix Not firewalled ${_dev}: "
 $ip6t -A OUTPUT -o $_dev -j $LOG_TARGET $tag_log_prefix "$log_prefix Not firewalled ${_dev}: "
- $ip6t -A FORWARD -i $_dev -j $LOG_TARGET $tag_log_prefix "$log_prefix Not firewalled ${_dev}: "
 $ip6t -A FORWARD -o $_dev -j $LOG_TARGET $tag_log_prefix "$log_prefix Not firewalled ${_dev}: "
 fi
- $ip6t -A INPUT -i $_dev -j ACCEPT
+ $ip6t -t mangle -A PREROUTING -i $_dev -j ACCEPT
 $ip6t -A OUTPUT -o $_dev -j ACCEPT
- $ip6t -A FORWARD -i $_dev -j ACCEPT
 $ip6t -A FORWARD -o $_dev -j ACCEPT
 done
 echo_done
@@ -334,6 +332,10 @@ fi
 echononl "\tAllow forwarding (private) IPs / IP-Ranges.."
 if [[ ${#forward_private_ip_arr[@]} -gt 0 ]] ; then
 for _ip in ${forward_private_ip_arr[@]}; do
+ if $log_forwarding_priv_ip || $log_all ; then
+ $ip6t -t mangle -A PREROUTING -d $_ip -j $LOG_TARGET $tag_log_prefix "$log_prefix Accept priv ip $_ip: "
+ $ip6t -t mangle -A PREROUTING-s $_ip -j $LOG_TARGET $tag_log_prefix "$log_prefix Accept priv ip $_ip: "
+ fi
 $ip6t -t mangle -A PREROUTING -d $_ip -j ACCEPT
 $ip6t -t mangle -A PREROUTING-s $_ip -j ACCEPT
 done
diff --git a/ipt-firewall-server b/ipt-firewall-server
index 92538e4..f20d45e 100755
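Review bot: In the first hunk of ip6t-firewall-server, ACCEPT in `-t mangle -A PREROUTING` only ends traversal of the mangle PREROUTING chain. The packet still reaches the filter table, so with `-A INPUT -i $_dev -j ACCEPT` and `-A FORWARD -i $_dev -j ACCEPT` removed, traffic arriving on a pass-through device is now decided by whatever filter rules and chain policies the rest of the script installs (not visible in this hunk). If these devices are meant to stay unfiltered, keep the two filter-table ACCEPT rules alongside the new mangle rule; if ingress filtering is intended, the "Pass through Devices (not firewalled)" banner and the "Not firewalled" log prefix no longer describe the behaviour. The first hunk of ipt-firewall-server makes the same change. Separately, `${unprotected_if_arr[@]}` and `$_dev` are expanded unquoted; `"${unprotected_if_arr[@]}"` and `"$_dev"` would be safer.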
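Review bot: In the second hunk of ip6t-firewall-server the added source-match log rule reads `-A PREROUTING-s $_ip`, with no space before `-s`, so the command names a chain `PREROUTING-s` and the rule is most likely rejected rather than installed. The unchanged ACCEPT line below it has the same text, while the ipt-firewall-server counterpart has the space, so this looks like a typo carried over from the existing line. The added line should read `$ip6t -t mangle -A PREROUTING -s $_ip -j $LOG_TARGET $tag_log_prefix "$log_prefix Accept priv ip $_ip: "` and the context line `$ip6t -t mangle -A PREROUTING -s $_ip -j ACCEPT`. Whether the failure is reported depends on error handling outside this hunk, so, assuming `$ip6t` is ip6tables, compare the loaded rules with `ip6tables -t mangle -S PREROUTING` after a run.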
--- a/ipt-firewall-server
+++ b/ipt-firewall-server
@@ -371,14 +371,12 @@ echononl "\tPass through Devices (not firewalled)"
 if [[ ${#unprotected_if_arr[@]} -gt 0 ]]; then
 for _dev in ${unprotected_if_arr[@]} ; do
 if $log_unprotected || $log_all ; then
- $ipt -A INPUT -i $_dev -j $LOG_TARGET $tag_log_prefix "$log_prefix Not firewalled ${_dev}:"
+ $ipt -t mangle -A PREROUTING -i $_dev -j $LOG_TARGET $tag_log_prefix "$log_prefix Not firewalled ${_dev}:"
 $ipt -A OUTPUT -o $_dev -j $LOG_TARGET $tag_log_prefix "$log_prefix Not firewalled ${_dev}:"
- $ipt -A FORWARD -i $_dev -j $LOG_TARGET $tag_log_prefix "$log_prefix Not firewalled ${_dev}:"
 $ipt -A FORWARD -o $_dev -j $LOG_TARGET $tag_log_prefix "$log_prefix Not firewalled ${_dev}:"
 fi
- $ipt -A INPUT -i $_dev -j ACCEPT
+ $ipt -t mangle -A PREROUTING -i $_dev -j ACCEPT
 $ipt -A OUTPUT -o $_dev -j ACCEPT
- $ipt -A FORWARD -i $_dev -j ACCEPT
 $ipt -A FORWARD -o $_dev -j ACCEPT
 done
 echo_done
@@ -394,6 +392,10 @@ fi
 echononl "\tAllow forwarding (private) IPs / IP-Ranges.."
 if [[ ${#forward_private_ip_arr[@]} -gt 0 ]] ; then
 for _ip in ${forward_private_ip_arr[@]}; do
+ if $log_forwarding_priv_ip || $log_all ; then
+ $ipt -t mangle -A PREROUTING -d $_ip -j $LOG_TARGET $tag_log_prefix "$log_prefix Accept priv ip $_ip: "
+ $ipt -t mangle -A PREROUTING -s $_ip -j $LOG_TARGET $tag_log_prefix "$log_prefix Accept priv ip $_ip: "
+ fi
 $ipt -t mangle -A PREROUTING -d $_ip -j ACCEPT
 $ipt -t mangle -A PREROUTING -s $_ip -j ACCEPT
 done
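Review bot: The log prefix on the added PREROUTING rule in the first hunk of ipt-firewall-server ends at `${_dev}:` with no trailing space, unlike the ip6t-firewall-server version and the new "Accept priv ip" prefixes, which end in `: `. If `$LOG_TARGET` is the kernel LOG target, the prefix is written directly in front of the packet fields, so the device name runs into `IN=` and log filters keyed on the prefix become harder to write. Using `"$log_prefix Not firewalled ${_dev}: "` on this line and on the two unchanged OUTPUT/FORWARD log lines would bring the two scripts in line.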
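Review bot: `if $log_forwarding_priv_ip || $log_all` in the second hunk of ipt-firewall-server runs the variable's value as a command, and an unset or empty variable expands to an empty command that returns success. On a host whose configuration does not define `log_forwarding_priv_ip`, the new LOG rules would therefore be enabled by default. No default is set in the lines shown; `log_forwarding_priv_ip=${log_forwarding_priv_ip:-false}` ahead of the loop, or a test such as `[[ "$log_forwarding_priv_ip" == true ]]`, avoids that, and the same applies to the second hunk of ip6t-firewall-server. The prefix `"$log_prefix Accept priv ip $_ip: "` also embeds a whole address or range. If `$LOG_TARGET` is the kernel LOG target, whose prefix is limited to 29 characters, check that the rule still loads for the longest entry in `forward_private_ip_arr`.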