From: Adolf Belka Date: Sun, 21 Jan 2024 11:45:48 +0000 (+0100) Subject: rules.pl: Fixes bug12981 - Add in and out specific actions for drop hostile X-Git-Tag: v2.29-core184~12^2~21 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f23555a1c6acb12fbb626a27c2189dee4cb45c0c;p=ipfire-2.x.git rules.pl: Fixes bug12981 - Add in and out specific actions for drop hostile - This changes the action from HOSTILE_DROP to HOSTILE_DROP_IN for icnoming traffic and HOSTILE_DROP_OUT for outgoing traffic enabling logging decisions to be taken on each independently. Fixes: bug12981 Signed-off-by: Adolf Belka Reviewed-by: Bernhard Bitsch Acked-by: Bernhard Bitsch Signed-off-by: Michael Tremer --- diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl index 7edb910e2d..a47c260a15 100644 --- a/config/firewall/rules.pl +++ b/config/firewall/rules.pl @@ -2,7 +2,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2020 IPFire Team # +# Copyright (C) 2007-2024 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -726,8 +726,8 @@ sub drop_hostile_networks () { &ipset_restore($HOSTILE_CCODE); # Check traffic in incoming/outgoing direction and drop if it matches - run("$IPTABLES -A HOSTILE -i $RED_DEV -m set --match-set $HOSTILE_CCODE src -j HOSTILE_DROP"); - run("$IPTABLES -A HOSTILE -o $RED_DEV -m set --match-set $HOSTILE_CCODE dst -j HOSTILE_DROP"); + run("$IPTABLES -A HOSTILE -i $RED_DEV -m set --match-set $HOSTILE_CCODE src -j HOSTILE_DROP_IN"); + run("$IPTABLES -A HOSTILE -o $RED_DEV -m set --match-set $HOSTILE_CCODE dst -j HOSTILE_DROP_OUT"); } sub ipblocklist () {