Commit f62d6b5b authored by ale's avatar ale

disable firewall logging by default

parent 5ae77a7d
......@@ -6,6 +6,7 @@ Before=sysinit.target
[Service]
Type=oneshot
EnvironmentFile=-/etc/default/firewall
ExecStart=/usr/local/bin/firewall start
ExecReload=/usr/local/bin/firewall reload
#ExecStop=/etc/iptables/flush-iptables.sh
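Review bot: A missing or unreadable /etc/default/firewall is ignored silently because of the leading `-` on the `EnvironmentFile=-/etc/default/firewall` line (apparently the line this hunk adds), so a host provisioned without that file runs on the script defaults, which after this commit means no deny logging. A comment above the line would make the contract visible, for example `# Optional overrides: FW_DIR, ENABLE_LOG, ENABLE_IPV6, LOG_RATE (script defaults apply if the file is absent)`. It is also worth stating there that systemd reads the file as plain KEY=VALUE pairs without shell expansion, so values must be literal.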
......
......@@ -7,7 +7,8 @@
# environment. Useful in combination with /etc/default or some
# equivalent mechanism.
FW_DIR="${FW_DIR:-/etc/firewall}"
DO_LOG="${DO_LOG:-1}"
ENABLE_LOG="${ENABLE_LOG:-0}"
ENABLE_IPV6="${ENABLE_IPV6:-1}"
LOG_RATE="${LOG_RATE:-5/min}"
TABLES="filter nat mangle"
......@@ -214,7 +215,7 @@ generate_filter() {
add_rule -A INPUT -j user-input
# Logging.
if [ "${DO_LOG}" -eq 1 ]; then
if [ "${ENABLE_LOG}" -eq 1 ]; then
create_chain log-deny
add_rule -A log-deny -j LOG --log-prefix 'deny: '
add_rule -A INPUT -j log-deny -m limit --limit "${LOG_RATE}" --limit-burst 5
......@@ -252,8 +253,10 @@ load() {
cat ${v6rules}
else
/sbin/iptables-restore <${v4rules}
if [ "${ENABLE_IPV6}" -eq 1 ]; then
/sbin/ip6tables-restore <${v6rules}
fi
fi
}
dry_run=0
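Review bot: The new `[ "${ENABLE_IPV6}" -eq 1 ]` guard in load() fails open, because any value other than the integer 1 arriving from the environment or /etc/default/firewall (a `yes`, a `true`, a typo) makes the test false or an error and ip6tables-restore is skipped without any message, leaving whatever IPv6 ruleset was in place before, possibly none. Skipping only on an explicit zero, `if [ "${ENABLE_IPV6}" != "0" ]; then`, or printing a warning to stderr when the v6 rules are not loaded, would keep a misconfiguration from silently removing IPv6 filtering. The same `-eq` pattern gates `ENABLE_LOG` in generate_filter, and since `DO_LOG` was renamed, hosts that set `DO_LOG=1` explicitly will stop logging denied packets without notice; `ENABLE_LOG="${ENABLE_LOG:-${DO_LOG:-0}}"` would carry the old setting over. Both load() and generate_filter begin outside the visible hunks, so this is based only on the lines shown.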
......