git.ipfire.org Git - people/ms/ipfire-2.x.git/commit

]> git.ipfire.org Git - people/ms/ipfire-2.x.git/commit

projects / people / ms / ipfire-2.x.git / commit

author	Michael Tremer <michael.tremer@ipfire.org>
	Tue, 10 Sep 2024 09:37:38 +0000 (11:37 +0200)
committer	Michael Tremer <michael.tremer@ipfire.org>
	Sat, 21 Sep 2024 10:25:05 +0000 (12:25 +0200)
commit	416dac48e81a968a92ac8f95b0a09f69f6816621
tree	dffcaf5fb6593f7ef5ece8dacce0d459d2382cfd	tree
parent	0b0540760c4fa98469cb31bc1311b774617ac29e	commit \| diff

firewall: Move the IPS after the NAT marking

This is because we might still land in the scenario where Suricata
crashes and NFQUEUE will simply ACCEPT all packets which will terminate
the processing of the mangle table.

Therefore the NFQUEUE rule should be the last one so that we never skip
any of the other processing.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

src/initscripts/system/firewall

diff | blob | blame | history

Michael's tree of IPFire 2.x.

RSS Atom