X-Git-Url: http://git.ipfire.org/?a=blobdiff_plain;ds=sidebyside;f=src%2Finitscripts%2Fsystem%2Ffirewall;h=be6c9169f36ff42c125e860b8d9be87c88663a4b;hb=01604708c386da93713cffadb3d5d40665f62ec9;hp=2739a683432b12803b180367070019d83204a2f9;hpb=50d1bbf0f56b76148f10bbe2195df45ad3b60cb3;p=ipfire-2.x.git

diff --git a/src/initscripts/system/firewall b/src/initscripts/system/firewall
index 2739a68343..be6c9169f3 100644
--- a/src/initscripts/system/firewall
+++ b/src/initscripts/system/firewall
@@ -185,6 +185,12 @@ iptables_init() {
 iptables -A INPUT -j GUARDIAN
 iptables -A FORWARD -j GUARDIAN
 
+ # IPS (suricata) chains
+ iptables -N IPS
+ iptables -A INPUT -j IPS
+ iptables -A FORWARD -j IPS
+ iptables -A OUTPUT -j IPS
+
 # Block non-established IPsec networks
 iptables -N IPSECBLOCK
 iptables -A FORWARD -m policy --dir out --pol none -j IPSECBLOCK
@@ -294,9 +300,11 @@ iptables_init() {
 iptables -N OVPNINPUT
 iptables -A INPUT -j OVPNINPUT
 
- # Tor
+ # Tor (inbound and outbound)
 iptables -N TOR_INPUT
 iptables -A INPUT -j TOR_INPUT
+ iptables -N TOR_OUTPUT
+ iptables -A OUTPUT -j TOR_OUTPUT
 
 # Jump into the actual firewall ruleset.
 iptables -N INPUTFW
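Review bot: The new IPS jumps in INPUT, FORWARD and OUTPUT sit ahead of IPSECBLOCK and the rest of the filter ruleset, yet the comment does not say who fills the chain or which verdict semantics the later chains depend on. The chain is created empty here, so the rules are presumably added when the IPS starts. If they use NFQUEUE, an accept verdict from the queue ends traversal of the filter table, so the chains below would only still apply if the IPS re-injects packets (repeat mode with a mark), and with no listener bound to the queue packets are dropped unless `--queue-bypass` is set. The same ordering concern covers the TOR_OUTPUT jump in the second hunk, which is appended to OUTPUT after the IPS jump. I would record this in the comment, e.g. `# IPS (suricata) chain: created empty, filled when the IPS starts; queued packets must be re-injected so the chains below still apply`. iptables_init starts and ends outside both hunks, so the ordering is judged from the visible lines only.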