# Chains for networks known as being hostile, posing a technical threat to our users
# (i. e. listed at Spamhaus DROP et al.)
iptables -N HOSTILE
- iptables -A INPUT -i $IFACE -j HOSTILE
- iptables -A FORWARD -i $IFACE -j HOSTILE
- iptables -A FORWARD -o $IFACE -j HOSTILE
- iptables -A OUTPUT -o $IFACE -j HOSTILE
+ iptables -A INPUT -j HOSTILE
+ iptables -A FORWARD -j HOSTILE
+ iptables -A OUTPUT -j HOSTILE
+
+ iptables -N HOSTILE_DROP
+ iptables -A HOSTILE_DROP -m limit --limit 10/second -j LOG --log-prefix "DROP_HOSTILE "
+ iptables -A HOSTILE_DROP -j DROP -m comment --comment "DROP_HOSTILE"
# Tor (inbound)
iptables -N TOR_INPUT
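Review bot: The three new jumps (`iptables -A INPUT -j HOSTILE` and its FORWARD and OUTPUT counterparts) drop the `$IFACE` match with no comment saying that HOSTILE now sees traffic on every interface, loopback and internal zones included, in both directions. The rules that populate HOSTILE are not visible in this hunk, so it cannot be confirmed here that they select on source and destination address; with the interface match gone they are the only thing scoping the block. If the wider scope is intended, I would add a comment above the jumps such as `# No interface match: HOSTILE rules must select on source/destination address only`. In HOSTILE_DROP, a one-line comment that `--limit 10/second` throttles only the LOG rule while the DROP stays unconditional would also help. Under load the `DROP_HOSTILE` log lines will undercount, so the DROP rule's packet counter is the figure to monitor.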