]> git.ipfire.org Git - people/pmueller/ipfire-2.x.git/blobdiff - src/initscripts/system/firewall
projects / people / pmueller / ipfire-2.x.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
firewall: Add ipblocklist related chains.
[people/pmueller/ipfire-2.x.git] / src / initscripts / system / firewall
diff --git a/src/initscripts/system/firewall b/src/initscripts/system/firewall
index 2597dae108f490cf3a997fa1a4fc127cf7f2d985..dfa08d58b6adb0d60aea8d31f94c1d58a193e1e0 100644 (file)
--- a/src/initscripts/system/firewall
+++ b/src/initscripts/system/firewall
@@ -180,6 +180,14 @@ iptables_init() {
        iptables -A HOSTILE_DROP -m limit --limit 10/second -j LOG --log-prefix "DROP_HOSTILE "
        iptables -A HOSTILE_DROP -j DROP -m comment --comment "DROP_HOSTILE"
 
+       # IP Address Blocklist chains
+       iptables -N BLOCKLISTIN
+       iptables -N BLOCKLISTOUT
+       iptables -A INPUT ! -p icmp -j BLOCKLISTIN
+       iptables -A FORWARD ! -p icmp -j BLOCKLISTIN
+       iptables -A FORWARD ! -p icmp -j BLOCKLISTOUT
+       iptables -A OUTPUT ! -p icmp -j BLOCKLISTOUT
+
        # IPS (Guardian) chains
        iptables -N GUARDIAN
        iptables -A INPUT -j GUARDIAN
Peter's tree of IPFire 2.x