From 733267f35accad3de95268b934e6f9fdae13a3f0 Mon Sep 17 00:00:00 2001
From: Tim FitzGeorge <ipfr@tfitzgeorge.me.uk>
Date: Sun, 3 Apr 2022 13:44:44 +0200
Subject: [PATCH] firewall: Add ipblocklist related chains.

Signed-off-by: Tim FitzGeorge <ipfr@tfitzgeorge.me.uk>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
---
 src/initscripts/system/firewall | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/initscripts/system/firewall b/src/initscripts/system/firewall
index 2597dae108..dfa08d58b6 100644
--- a/src/initscripts/system/firewall
+++ b/src/initscripts/system/firewall
@@ -180,6 +180,14 @@ iptables_init() {
 	iptables -A HOSTILE_DROP -m limit --limit 10/second -j LOG --log-prefix "DROP_HOSTILE "
 	iptables -A HOSTILE_DROP -j DROP -m comment --comment "DROP_HOSTILE"
 
+	# IP Address Blocklist chains
+	iptables -N BLOCKLISTIN
+	iptables -N BLOCKLISTOUT
+	iptables -A INPUT ! -p icmp -j BLOCKLISTIN
+	iptables -A FORWARD ! -p icmp -j BLOCKLISTIN
+	iptables -A FORWARD ! -p icmp -j BLOCKLISTOUT
+	iptables -A OUTPUT ! -p icmp -j BLOCKLISTOUT
+
 	# IPS (Guardian) chains
 	iptables -N GUARDIAN
 	iptables -A INPUT -j GUARDIAN
-- 
2.39.2