From f0e15b992b2c35cc1aeb6fbc30da4f3ab85fb02a Mon Sep 17 00:00:00 2001
From: Christoph
Date: Tue, 24 Dec 2024 17:16:35 +0100
Subject: [PATCH] Fix error for not firewalled interfaces.
---
 conf/main_ipv4.conf.sample | 2 +-
 conf/main_ipv6.conf.sample | 2 +-
 ip6t-firewall-server | 2 ++
 ipt-firewall-server | 8 ++------
 4 files changed, 6 insertions(+), 8 deletions(-)
diff --git a/conf/main_ipv4.conf.sample b/conf/main_ipv4.conf.sample
index 27d45d9..7c79848 100644
--- a/conf/main_ipv4.conf.sample
+++ b/conf/main_ipv4.conf.sample
@@ -40,7 +40,7 @@ drop_icmp=false
 # --- Allow all outgoing traffic
 # -------------
-# - unprotected_ifs
+# - allow_all_outgoing_traffic
 # -
 # - Posiible values are 'true' and 'false'
 # -
diff --git a/conf/main_ipv6.conf.sample b/conf/main_ipv6.conf.sample
index 1470ce8..ef946f9 100644
--- a/conf/main_ipv6.conf.sample
+++ b/conf/main_ipv6.conf.sample
@@ -40,7 +40,7 @@ drop_icmp=false
 # --- Allow all outgoing traffic
 # -------------
-# - unprotected_ifs
+# - allow_all_outgoing_traffic
 # -
 # - Posiible values are 'true' and 'false'
 # -
diff --git a/ip6t-firewall-server b/ip6t-firewall-server
index c027ee5..7069985 100755
--- a/ip6t-firewall-server
+++ b/ip6t-firewall-server
@@ -372,10 +372,12 @@ if [[ ${#unprotected_if_arr[@]} -gt 0 ]]; then
 if $log_unprotected || $log_all ; then
 $ip6t -t mangle -A PREROUTING -i $_dev -j $LOG_TARGET $tag_log_prefix "$log_prefix Not firewalled ${_dev}: "
 $ip6t -A OUTPUT -o $_dev -j $LOG_TARGET $tag_log_prefix "$log_prefix Not firewalled ${_dev}: "
+ $ip6t -A INPUT -i $_dev -j $LOG_TARGET $tag_log_prefix "$log_prefix Not firewalled ${_dev}: "
 $ip6t -A FORWARD -o $_dev -j $LOG_TARGET $tag_log_prefix "$log_prefix Not firewalled ${_dev}: "
 fi
 $ip6t -t mangle -A PREROUTING -i $_dev -j ACCEPT
 $ip6t -A OUTPUT -o $_dev -j ACCEPT
+ $ip6t -A INPUT -i $_dev -j ACCEPT
 $ip6t -A FORWARD -o $_dev -j ACCEPT
 done
 echo_done
diff --git a/ipt-firewall-server b/ipt-firewall-server
index 3dcc91e..b295118 100755
--- a/ipt-firewall-server
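Review bot: The added `$ip6t -A INPUT -i $_dev -j ACCEPT` in the ip6t-firewall-server hunk makes every service listening on the host reachable through each interface in `unprotected_if_arr`, a wider effect than the existing OUTPUT and FORWARD `-o` rules, and nothing in the hunk says so. A comment above the ACCEPT rules would record it, for example `# - INPUT ACCEPT: local services become reachable via this interface; list trusted interfaces only`. The new INPUT LOG line reuses the prefix of the mangle PREROUTING LOG line, so a packet addressed to the host is presumably logged twice with identical text; a chain-specific prefix would keep the two entries apart. `$_dev` is expanded unquoted in both added lines, as in their neighbours, and `-i "$_dev"` avoids word splitting on a malformed config value. The same points apply to the `@@ -432` hunk of ipt-firewall-server; the enclosing loop (closed by `done`) starts outside the hunk.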
+++ b/ipt-firewall-server
@@ -432,10 +432,12 @@ if [[ ${#unprotected_if_arr[@]} -gt 0 ]]; then
 if $log_unprotected || $log_all ; then
 $ipt -t mangle -A PREROUTING -i $_dev -j $LOG_TARGET $tag_log_prefix "$log_prefix Not firewalled ${_dev}:"
 $ipt -A OUTPUT -o $_dev -j $LOG_TARGET $tag_log_prefix "$log_prefix Not firewalled ${_dev}:"
+ $ipt -A INPUT -i $_dev -j $LOG_TARGET $tag_log_prefix "$log_prefix Not firewalled ${_dev}:"
 $ipt -A FORWARD -o $_dev -j $LOG_TARGET $tag_log_prefix "$log_prefix Not firewalled ${_dev}:"
 fi
 $ipt -t mangle -A PREROUTING -i $_dev -j ACCEPT
 $ipt -A OUTPUT -o $_dev -j ACCEPT
+ $ipt -A INPUT -i $_dev -j ACCEPT
 $ipt -A FORWARD -o $_dev -j ACCEPT
 done
 echo_done
@@ -1267,12 +1269,6 @@ else
 echo_skipped
 fi
-# - unprotected_ifs
-# -
-# - Posiible values are 'true' and 'false'
-# -
-allow_all_outgoing_traffic=false
-
 # ---
 # - Don't allow traffic into private networks
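Review bot: The added INPUT LOG line in the `@@ -432` hunk copies the prefix `"$log_prefix Not firewalled ${_dev}:"` without a trailing space, while the ip6t-firewall-server counterpart ends in `${_dev}: "`. If `$LOG_TARGET` is the kernel LOG target, the prefix is written directly in front of the packet fields, so an entry would read like `... eth0:IN=eth0` (constructed example) and be harder to match in log tooling. Ending the string with `${_dev}: "` on the new line, and on its three neighbours, would keep the IPv4 and IPv6 scripts consistent.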