Fix error for not firewalled interfaces.

2024-12-24 17:16:35 +01:00 · 2024-12-24 17:16:35 +01:00 · f0e15b992b
commit f0e15b992b
parent e7311a3963
4 changed files with 6 additions and 8 deletions
--- a/conf/main_ipv4.conf.sample
+++ b/conf/main_ipv4.conf.sample
@ -40,7 +40,7 @@ drop_icmp=false
 # --- Allow all outgoing traffic
 # -------------

-# - unprotected_ifs
+# - allow_all_outgoing_traffic
 # - 
 # - Posiible values are 'true' and 'false'
 # -
--- a/conf/main_ipv6.conf.sample
+++ b/conf/main_ipv6.conf.sample
@ -40,7 +40,7 @@ drop_icmp=false
 # --- Allow all outgoing traffic
 # -------------

-# - unprotected_ifs
+# - allow_all_outgoing_traffic
 # - 
 # - Posiible values are 'true' and 'false'
 # -
--- a/2
+++ b/2
@ -372,10 +372,12 @@ if [[ ${#unprotected_if_arr[@]} -gt 0 ]]; then
      if $log_unprotected || $log_all ; then
         $ip6t -t mangle -A PREROUTING -i $_dev -j $LOG_TARGET $tag_log_prefix "$log_prefix Not firewalled ${_dev}: "
         $ip6t -A OUTPUT -o $_dev -j $LOG_TARGET $tag_log_prefix "$log_prefix Not firewalled ${_dev}: "
+         $ip6t -A INPUT -i $_dev -j $LOG_TARGET $tag_log_prefix "$log_prefix Not firewalled ${_dev}: "
         $ip6t -A FORWARD -o $_dev -j $LOG_TARGET $tag_log_prefix "$log_prefix Not firewalled ${_dev}: "
      fi
      $ip6t -t mangle -A PREROUTING -i $_dev -j ACCEPT
      $ip6t -A OUTPUT -o $_dev -j ACCEPT
+      $ip6t -A INPUT -i $_dev -j ACCEPT
      $ip6t -A FORWARD -o $_dev -j ACCEPT
   done
   echo_done
--- a/8
+++ b/8
@ -432,10 +432,12 @@ if [[ ${#unprotected_if_arr[@]} -gt 0 ]]; then
      if $log_unprotected || $log_all ; then
         $ipt -t mangle -A PREROUTING -i $_dev -j $LOG_TARGET $tag_log_prefix "$log_prefix Not firewalled ${_dev}:"
         $ipt -A OUTPUT -o $_dev -j $LOG_TARGET $tag_log_prefix "$log_prefix Not firewalled ${_dev}:"
+         $ipt -A INPUT -i $_dev -j $LOG_TARGET $tag_log_prefix "$log_prefix Not firewalled ${_dev}:"
         $ipt -A FORWARD -o $_dev -j $LOG_TARGET $tag_log_prefix "$log_prefix Not firewalled ${_dev}:"
      fi
      $ipt -t mangle -A PREROUTING -i $_dev -j ACCEPT
      $ipt -A OUTPUT -o $_dev -j ACCEPT
+      $ipt -A INPUT -i $_dev -j ACCEPT
      $ipt -A FORWARD -o $_dev -j ACCEPT
   done
   echo_done
@ -1267,12 +1269,6 @@ else
   echo_skipped
 fi

-# - unprotected_ifs
-# -
-# - Posiible values are 'true' and 'false'
-# -
-allow_all_outgoing_traffic=false
-

 # ---
 # - Don't allow traffic into private networks