]> git.ipfire.org Git - ipfire-2.x.git/commitdiff
projects / ipfire-2.x.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 1b939d0)
firewall: Align chain name to Collectd configuration
authorPeter Müller <peter.mueller@ipfire.org>
Sat, 29 Jan 2022 17:59:31 +0000 (17:59 +0000)
committerPeter Müller <peter.mueller@ipfire.org>
Sat, 29 Jan 2022 17:59:31 +0000 (17:59 +0000)
This fixes broken firewall hits graphs.

Cc: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
src/initscripts/system/firewall patch | blob | blame | history

diff --git a/src/initscripts/system/firewall b/src/initscripts/system/firewall
index 1effbf51eb31c4318fd04b3518d4d254e7a4be0a..7d081bbc36678bbc35a656281b583f41f0ca7bcc 100644 (file)
--- a/src/initscripts/system/firewall
+++ b/src/initscripts/system/firewall
@@ -141,17 +141,15 @@ iptables_init() {
 
        # Log and drop any traffic from and to networks known as being hostile, posing
        # a technical threat to our users (i. e. listed at Spamhaus DROP et al.)
-       iptables -N DROP_HOSTILE
+       iptables -N HOSTILE
        if [ "$DROPHOSTILE" == "on" ]; then
-               iptables -A DROP_HOSTILE  -m limit --limit 10/second -j LOG  --log-prefix "DROP_HOSTILE "
-
-               iptables -A INPUT   -i $IFACE -m geoip --src-cc XD -j DROP_HOSTILE
-               iptables -A FORWARD -i $IFACE -m geoip --src-cc XD -j DROP_HOSTILE
-               iptables -A FORWARD -o $IFACE -m geoip --dst-cc XD -j DROP_HOSTILE
-               iptables -A OUTPUT  -o $IFACE -m geoip --src-cc XD -j DROP_HOSTILE
-
-               iptables -A DROP_HOSTILE -j DROP -m comment --comment "DROP_HOSTILE"
+               iptables -A HOSTILE -m limit --limit 10/second -j LOG  --log-prefix "DROP_HOSTILE "
+               iptables -A INPUT   -i $IFACE -m geoip --src-cc XD -j HOSTILE
+               iptables -A FORWARD -i $IFACE -m geoip --src-cc XD -j HOSTILE
+               iptables -A FORWARD -o $IFACE -m geoip --dst-cc XD -j HOSTILE
+               iptables -A OUTPUT  -o $IFACE -m geoip --src-cc XD -j HOSTILE
        fi
+       iptables -A HOSTILE -j DROP -m comment --comment "DROP_HOSTILE"
 
        # P2PBLOCK
        iptables -N P2PBLOCK
IPFire 2.x development tree