configroot: Drop traffic from and to hostile networks by default

author Peter Müller <peter.mueller@ipfire.org>

Sat, 18 Dec 2021 13:50:27 +0000 (14:50 +0100)

committer Peter Müller <peter.mueller@ipfire.org>

Fri, 14 Jan 2022 14:17:14 +0000 (14:17 +0000)
author Peter Müller <peter.mueller@ipfire.org>
Sat, 18 Dec 2021 13:50:27 +0000 (14:50 +0100)
committer Peter Müller <peter.mueller@ipfire.org>
Fri, 14 Jan 2022 14:17:14 +0000 (14:17 +0000)
diff --git a/lfs/configroot b/lfs/configroot

index a56816143339024c4a8ad24cfecf6fe517aa0b63..9f3188aab9e28b29c134eca51a56dc1d9f37ac2f 100644 (file)
--- a/lfs/configroot
+++ b/lfs/configroot
@@ -131,6 +131,7 @@ $(TARGET) :
         echo  "DROPWIRELESSINPUT=on"    >> $(CONFIG_ROOT)/optionsfw/settings
         echo  "DROPWIRELESSFORWARD=on"  >> $(CONFIG_ROOT)/optionsfw/settings
         echo  "DROPSPOOFEDMARTIAN=on"   >> $(CONFIG_ROOT)/optionsfw/settings
+       echo  "DROPHOSTILE=on"          >> $(CONFIG_ROOT)/optionsfw/settings
         echo  "POLICY=MODE2"            >> $(CONFIG_ROOT)/firewall/settings
         echo  "POLICY1=MODE2"           >> $(CONFIG_ROOT)/firewall/settings
         echo  "USE_ISP_NAMESERVERS=on"  >> $(CONFIG_ROOT)/dns/settings
author	Peter Müller <peter.mueller@ipfire.org>
	Sat, 18 Dec 2021 13:50:27 +0000 (14:50 +0100)
committer	Peter Müller <peter.mueller@ipfire.org>
	Fri, 14 Jan 2022 14:17:14 +0000 (14:17 +0000)