From 7987879e21b7fb5369b9b74d3173ff3949d7f89a Mon Sep 17 00:00:00 2001
From: =?utf8?q?Peter=20M=C3=BCller?=
Date: Tue, 15 Feb 2022 18:18:31 +0000
Subject: [PATCH] firewall: Get rid of xt_geoip for DROP_HOSTILE
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit
This is required to drop xtables-addons altogether.
Cc: Stefan Schantl
Signed-off-by: Peter Müller
---
 src/initscripts/system/firewall | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/initscripts/system/firewall b/src/initscripts/system/firewall
index 2ac7db09b1..adb2240bbe 100644
--- a/src/initscripts/system/firewall
+++ b/src/initscripts/system/firewall
@@ -147,10 +147,10 @@ iptables_init() {
 iptables -N HOSTILE
 if [ "$DROPHOSTILE" == "on" ]; then
 iptables -A HOSTILE -m limit --limit 10/second -j LOG --log-prefix "DROP_HOSTILE "
- iptables -A INPUT -i $IFACE -m geoip --src-cc XD -j HOSTILE
- iptables -A FORWARD -i $IFACE -m geoip --src-cc XD -j HOSTILE
- iptables -A FORWARD -o $IFACE -m geoip --dst-cc XD -j HOSTILE
- iptables -A OUTPUT -o $IFACE -m geoip --src-cc XD -j HOSTILE
+ iptables -A INPUT -i $IFACE -m set --match-set CC_XD src -j HOSTILE
+ iptables -A FORWARD -i $IFACE -m set --match-set CC_XD src -j HOSTILE
+ iptables -A FORWARD -o $IFACE -m set --match-set CC_XD dst -j HOSTILE
+ iptables -A OUTPUT -o $IFACE -m set --match-set CC_XD src -j HOSTILE
 fi
 iptables -A HOSTILE -j DROP -m comment --comment "DROP_HOSTILE"
-- 
2.39.5
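Review bot: The new OUTPUT rule still matches the set against `src` on packets leaving via `-o $IFACE`, a direction carried over unchanged from the old `--src-cc XD` rule. For locally generated traffic the source is the firewall's own address, so connections from the box to a hostile network would not hit HOSTILE. The FORWARD `-o` rule next to it already uses `dst`, so the OUTPUT rule should probably read `iptables -A OUTPUT -o $IFACE -m set --match-set CC_XD dst -j HOSTILE`. Separately, unlike the geoip match, `-m set` is rejected at insertion time when the named set does not exist, and nothing in this hunk creates or restores `CC_XD`. If the set is not loaded earlier in `iptables_init` (whose body starts and ends outside the hunk), all four rules fail to install and DROP_HOSTILE filters nothing, so it is worth confirming the ordering or checking the exit status of these calls.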