rules.pl: Fixes bug12981 - Add in and out specific actions for drop hostile

[ipfire-2.x.git] / config / firewall / rules.pl

diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl
index 7edb910e2d6e649396c38071380f796112d9e013..a47c260a152647ab9c740578d4e3c0f27beb0d0a 100644 (file)
--- a/config/firewall/rules.pl
+++ b/config/firewall/rules.pl
@@ -2,7 +2,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2020  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2024  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -726,8 +726,8 @@ sub drop_hostile_networks () {
        &ipset_restore($HOSTILE_CCODE);
 
        # Check traffic in incoming/outgoing direction and drop if it matches
-       run("$IPTABLES -A HOSTILE -i $RED_DEV -m set --match-set $HOSTILE_CCODE src -j HOSTILE_DROP");
-       run("$IPTABLES -A HOSTILE -o $RED_DEV -m set --match-set $HOSTILE_CCODE dst -j HOSTILE_DROP");
+       run("$IPTABLES -A HOSTILE -i $RED_DEV -m set --match-set $HOSTILE_CCODE src -j HOSTILE_DROP_IN");
+       run("$IPTABLES -A HOSTILE -o $RED_DEV -m set --match-set $HOSTILE_CCODE dst -j HOSTILE_DROP_OUT");
 }
 
 sub ipblocklist () {