Simplify log_exceptions function to do one job.

abenson · Nov 20, 2015 · 5f5a823 · 5f5a823
1 parent 295aa37
commit 5f5a823
Showing 1 changed file with 15 additions and 10 deletions.
diff --git a/hostfw.sh b/hostfw.sh
@@ -193,14 +193,9 @@ set_policy()
 
 log_exceptions()
 {
-	if [ $LOGEXCEPT -eq 1 ]; then
-		if [ $PRINTSTATUS -eq 1 ]; then
-			echo "Logging exceptions..."
-		fi
-		$IPTABLES -A INPUT -m limit --limit 5/min -j LOG
-		$IPTABLES -A OUTPUT -m limit --limit 5/min -j LOG
-		$IPTABLES -A FORWARD -m limit --limit 5/min -j LOG
-	fi
+	$IPTABLES -A INPUT -m limit --limit 5/min -j LOG
+	$IPTABLES -A OUTPUT -m limit --limit 5/min -j LOG
+	$IPTABLES -A FORWARD -m limit --limit 5/min -j LOG
 }
 
 # Setup for autotrust.
@@ -250,15 +245,25 @@ if [ $DENYALL -eq 1 ]; then
 		echo "Disallowing all..."
 	fi
 	set_policy 'DROP'
-	log_exceptions
+	if [ $LOGEXCEPT -eq 1 ]; then
+		if [ $PRINTSTATUS -eq 1 ]; then
+			echo "Logging exceptions..."
+		fi
+		log_exceptions
+	fi
 	exit
 fi
 
 # Setting defaults. STIGs say DROP by default.
 flush_rules
 set_policy 'DROP'
 
-log_exceptions
+if [ $LOGEXCEPT -eq 1 ]; then
+	if [ $PRINTSTATUS -eq 1 ]; then
+		echo "Logging exceptions..."
+	fi
+	log_exceptions
+fi
 
 if [ $RESETCONN -eq 1 ]; then
 	if [ $PRINTSTATUS -eq 1 ]; then