suricata: Scan outgoing traffic, too

author Michael Tremer <michael.tremer@ipfire.org>

Tue, 29 Jan 2019 12:03:37 +0000 (12:03 +0000)

committer Stefan Schantl <stefan.schantl@ipfire.org>

Tue, 29 Jan 2019 13:08:51 +0000 (14:08 +0100)
author Michael Tremer <michael.tremer@ipfire.org>
Tue, 29 Jan 2019 12:03:37 +0000 (12:03 +0000)
committer Stefan Schantl <stefan.schantl@ipfire.org>
Tue, 29 Jan 2019 13:08:51 +0000 (14:08 +0100)
diff --git a/src/initscripts/system/firewall b/src/initscripts/system/firewall

index 9a79cb1aa98e8ae814ca1f1217ce1b0097adea98..a4fcee2ce10ccfa2f3d2251c051b2477e05a8fba 100644 (file)
--- a/src/initscripts/system/firewall
+++ b/src/initscripts/system/firewall
@@ -189,6 +189,7 @@ iptables_init() {
         iptables -N IPS
         iptables -A INPUT -j IPS
         iptables -A FORWARD -j IPS
+       iptables -A OUTPUT -j IPS
  
         # Block non-established IPsec networks
         iptables -N IPSECBLOCK
author	Michael Tremer <michael.tremer@ipfire.org>
	Tue, 29 Jan 2019 12:03:37 +0000 (12:03 +0000)
committer	Stefan Schantl <stefan.schantl@ipfire.org>
	Tue, 29 Jan 2019 13:08:51 +0000 (14:08 +0100)