]> git.ipfire.org Git - ipfire-2.x.git/commit
projects / ipfire-2.x.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 5da15c5) | patch
firewall: Move the IPS back to INPUT/FORWARD/OUTPUT
authorMichael Tremer <michael.tremer@ipfire.org>
Tue, 17 Sep 2024 02:04:07 +0000 (04:04 +0200)
committerMichael Tremer <michael.tremer@ipfire.org>
Tue, 24 Sep 2024 08:44:24 +0000 (08:44 +0000)
commitcf44d8d149dbda8aa8dccd89dd5e3ff75af628b9
treea879e776d594a0704e712308be3e55061b8a4fbdtree
parent5da15c5d3b1772f133d10a309d99b3588b98be0fcommit | diff
firewall: Move the IPS back to INPUT/FORWARD/OUTPUT

We cannot use the PREROUTING/POSTROUTING chains here because Suricata
will fail to track NAT-ed connections.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
src/initscripts/system/firewall diff | blob | blame | history
IPFire 2.x development tree