Package: firestarter / 1.0.3-11

20_allow_localhost_when_locked.patch Patch series | download
From: Paul Cupis  <paul@cupis.co.uk>
Subject: Allow localhost traffic when firewall is locked (closes: #479224)

---
 src/scriptwriter.c |    6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

--- a/src/scriptwriter.c
+++ b/src/scriptwriter.c
@@ -239,11 +239,13 @@
 
 	fprintf (f, "# Lock the firewall, blocking all traffic\n"
 		    "lock_firewall () {\n"
+		    "	$IPT -F;\n"
+		    "	$IPT -X\n"
+		    "	$IPT -A INPUT -i lo -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT\n"
+		    "	$IPT -A OUTPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT\n"
 		    "	$IPT -P INPUT DROP\n"
 		    "	$IPT -P FORWARD DROP\n"
 		    "	$IPT -P OUTPUT DROP\n"
-		    "	$IPT -F;\n"
-		    "	$IPT -X\n"
 		    "	$IPT -Z\n"
 		    "	retval=$?\n"
 		    "	if [ $? -eq 0 ]; then\n"
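Review bot: Moving `$IPT -F;` and `$IPT -X` ahead of the three `$IPT -P ... DROP` lines means lock_firewall now empties the chains while the previous policies are still in force; if any of them is ACCEPT at that moment (not visible from this hunk), traffic passes unfiltered until the policy lines run. The loopback rules only need to come after the flush, so emitting `-P INPUT/FORWARD/OUTPUT DROP` first, then `-F` and `-X`, then the two `-A ... -j ACCEPT` lines gives the same result without that window. The OUTPUT rule could also name the interface, `$IPT -A OUTPUT -o lo -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT`, to mirror the INPUT rule. The fprintf call and its enclosing function continue outside the hunk.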