From f62d6b5b70015980a36dbe2f874ece4ed445b111 Mon Sep 17 00:00:00 2001
From: ale <ale@incal.net>
Date: Sun, 22 Nov 2015 09:58:56 +0000
Subject: [PATCH] disable firewall logging by default

---
 files/etc/systemd/system/firewall.service | 1 +
 files/usr/local/bin/firewall              | 9 ++++++---
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/files/etc/systemd/system/firewall.service b/files/etc/systemd/system/firewall.service
index 5643184..4d9844b 100644
--- a/files/etc/systemd/system/firewall.service
+++ b/files/etc/systemd/system/firewall.service
@@ -6,6 +6,7 @@ Before=sysinit.target
 
 [Service]
 Type=oneshot
+EnvironmentFile=-/etc/default/firewall
 ExecStart=/usr/local/bin/firewall start
 ExecReload=/usr/local/bin/firewall reload
 #ExecStop=/etc/iptables/flush-iptables.sh
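Review bot: The added `EnvironmentFile=-/etc/default/firewall` only takes effect when systemd starts the script, so a manual `/usr/local/bin/firewall reload` from a shell falls back to the built-in defaults, unless the script reads that file itself somewhere outside this diff. The two paths can then load different rulesets, since logging and IPv6 handling both depend on these variables. The file is parsed by systemd rather than sourced by a shell, and the leading `-` makes a missing file pass silently. Because `FW_DIR` selects the rule directory that is loaded as root, I would add a comment above the line such as `# Optional overrides (FW_DIR, ENABLE_LOG, ENABLE_IPV6, LOG_RATE); plain VAR=value lines, root-owned, not writable by others`.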
diff --git a/files/usr/local/bin/firewall b/files/usr/local/bin/firewall
index 633a368..05865fa 100755
--- a/files/usr/local/bin/firewall
+++ b/files/usr/local/bin/firewall
@@ -7,7 +7,8 @@
 # environment.  Useful in combination with /etc/default or some
 # equivalent mechanism.
 FW_DIR="${FW_DIR:-/etc/firewall}"
-DO_LOG="${DO_LOG:-1}"
+ENABLE_LOG="${ENABLE_LOG:-0}"
+ENABLE_IPV6="${ENABLE_IPV6:-1}"
 LOG_RATE="${LOG_RATE:-5/min}"
 
 TABLES="filter nat mangle"
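Review bot: Renaming `DO_LOG` to `ENABLE_LOG` while flipping the default to 0 means a host that already exports `DO_LOG=1` silently loses its deny logging after the upgrade, and with it the record of dropped traffic. Falling back to the old name keeps those hosts logging: `ENABLE_LOG="${ENABLE_LOG:-${DO_LOG:-0}}"`. The header comment above these assignments could also list `ENABLE_LOG` and `ENABLE_IPV6` with their defaults. The commit subject does not mention the new `ENABLE_IPV6` switch.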
@@ -214,7 +215,7 @@ generate_filter() {
     add_rule -A INPUT -j user-input
 
     # Logging.
-    if [ "${DO_LOG}" -eq 1 ]; then
+    if [ "${ENABLE_LOG}" -eq 1 ]; then
         create_chain log-deny
         add_rule -A log-deny -j LOG --log-prefix 'deny: '
         add_rule -A INPUT -j log-deny -m limit --limit "${LOG_RATE}" --limit-burst 5
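Review bot: The test `[ "${ENABLE_LOG}" -eq 1 ]` fails with "integer expression expected" when the variable holds a non-numeric value such as `yes` or `true`, and the `if` then takes the false branch. Now that the value can come from `/etc/default/firewall`, such a setting turns logging off instead of on. The same form is used for `ENABLE_IPV6` in the `load()` hunk, where it would skip the IPv6 ruleset. A string comparison avoids the error: `if [ "${ENABLE_LOG}" = 1 ]; then`, with a comment at the variable definitions saying only `0` and `1` are accepted. The body of `generate_filter` continues outside this hunk.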
@@ -252,7 +253,9 @@ load() {
         cat ${v6rules}
     else
         /sbin/iptables-restore <${v4rules}
-        /sbin/ip6tables-restore <${v6rules}
+        if [ "${ENABLE_IPV6}" -eq 1 ]; then
+            /sbin/ip6tables-restore <${v6rules}
+        fi
     fi
 }
 
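Review bot: With `ENABLE_IPV6=0` the new branch in `load()` skips `ip6tables-restore` altogether, so the IPv6 tables keep whatever they held before: normally empty chains with an ACCEPT policy on a fresh boot, or the previous ruleset on reload. If the kernel still has IPv6 enabled, that traffic is not filtered by this script. At minimum the branch should carry a comment such as `# ENABLE_IPV6=0 leaves ip6tables untouched; disable IPv6 in the kernel as well`; loading a drop-only IPv6 ruleset in an `else` arm would fail closed instead. The redirect operand on the new line is also unquoted and would be safer as `/sbin/ip6tables-restore <"${v6rules}"`. `load()` begins above the hunk, so how `v6rules` is produced is not visible here.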
-- 
GitLab