From: Tim FitzGeorge <ipfr@tfitzgeorge.me.uk>
Date: Sun, 3 Apr 2022 11:44:44 +0000 (+0200)
Subject: firewall: Add ipblocklist related chains.
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=be0ba43493077c1a909c469b488abff541aaa983;p=people%2Fstevee%2Fipfire-2.x.git

firewall: Add ipblocklist related chains.

Signed-off-by: Tim FitzGeorge <ipfr@tfitzgeorge.me.uk>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
---

diff --git a/src/initscripts/system/firewall b/src/initscripts/system/firewall
index 2597dae108..dfa08d58b6 100644
--- a/src/initscripts/system/firewall
+++ b/src/initscripts/system/firewall
@@ -180,6 +180,14 @@ iptables_init() {
 	iptables -A HOSTILE_DROP -m limit --limit 10/second -j LOG --log-prefix "DROP_HOSTILE "
 	iptables -A HOSTILE_DROP -j DROP -m comment --comment "DROP_HOSTILE"
 
+	# IP Address Blocklist chains
+	iptables -N BLOCKLISTIN
+	iptables -N BLOCKLISTOUT
+	iptables -A INPUT ! -p icmp -j BLOCKLISTIN
+	iptables -A FORWARD ! -p icmp -j BLOCKLISTIN
+	iptables -A FORWARD ! -p icmp -j BLOCKLISTOUT
+	iptables -A OUTPUT ! -p icmp -j BLOCKLISTOUT
+
 	# IPS (Guardian) chains
 	iptables -N GUARDIAN
 	iptables -A INPUT -j GUARDIAN