]> git.ipfire.org Git - people/ms/ipfire-2.x.git/commit
projects / people / ms / ipfire-2.x.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 7e68554) | patch
firewall: Move the IPS back to INPUT/FORWARD/OUTPUT
authorMichael Tremer <michael.tremer@ipfire.org>
Tue, 17 Sep 2024 02:04:07 +0000 (04:04 +0200)
committerMichael Tremer <michael.tremer@ipfire.org>
Sat, 21 Sep 2024 10:25:05 +0000 (12:25 +0200)
commit225bd32f5b80b7d8a8ee07b2a9b321ffa7bacf7c
tree9e78cbfd70185de7524c9a58700359af1725da71tree
parent7e685543ec66eef9bdf1f7fff2d20284cda131c2commit | diff
firewall: Move the IPS back to INPUT/FORWARD/OUTPUT

We cannot use the PREROUTING/POSTROUTING chains here because Suricata
will fail to track NAT-ed connections.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
src/initscripts/system/firewall diff | blob | blame | history
Michael's tree of IPFire 2.x.