From: Stefan Schantl
Date: Thu, 16 Aug 2018 16:50:39 +0000 (+0200)
Subject: firewall: Add chains for IPS (suricata)
X-Git-Tag: suricata-beta3~33^2~12
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7c82ee6165d04597c371944490b085c240482424;p=people%2Fstevee%2Fipfire-2.x.git

firewall: Add chains for IPS (suricata)

Signed-off-by: Stefan Schantl
---

diff --git a/src/initscripts/system/firewall b/src/initscripts/system/firewall
index 707209987e..9a79cb1aa9 100644
--- a/src/initscripts/system/firewall
+++ b/src/initscripts/system/firewall
@@ -185,6 +185,11 @@ iptables_init() {
 iptables -A INPUT -j GUARDIAN
 iptables -A FORWARD -j GUARDIAN
 
+ # IPS (suricata) chains
+ iptables -N IPS
+ iptables -A INPUT -j IPS
+ iptables -A FORWARD -j IPS
+
 # Block non-established IPsec networks
 iptables -N IPSECBLOCK
 iptables -A FORWARD -m policy --dir out --pol none -j IPSECBLOCK
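Review bot: The new IPS chain is only reachable from INPUT and FORWARD; there is no matching jump from OUTPUT, so traffic originating on the firewall itself would not pass through whatever rules are later placed in IPS. If that is deliberate, say so in the comment, e.g. `# IPS (suricata) chains - locally generated traffic (OUTPUT) is intentionally not inspected`; otherwise add `iptables -A OUTPUT -j IPS` next to the other two jumps. The chain is created empty here, so the comment should also name what populates it and what should happen to traffic when the IPS is not running, since a queueing rule without a bypass would presumably stall everything traversing INPUT and FORWARD. iptables_init starts and continues outside this hunk, so the position of these jumps relative to rules other than GUARDIAN and IPSECBLOCK cannot be checked from here.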