]> git.ipfire.org Git - ipfire-2.x.git/commitdiff
projects / ipfire-2.x.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: cc60d3d)
firewall: Add chains for IPS (suricata)
authorStefan Schantl <stefan.schantl@ipfire.org>
Thu, 16 Aug 2018 16:50:39 +0000 (18:50 +0200)
committerStefan Schantl <stefan.schantl@ipfire.org>
Thu, 16 Aug 2018 16:50:39 +0000 (18:50 +0200)
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
src/initscripts/system/firewall patch | blob | blame | history

diff --git a/src/initscripts/system/firewall b/src/initscripts/system/firewall
index 707209987e46fee56fcaca2c111a6a2c00f61235..9a79cb1aa98e8ae814ca1f1217ce1b0097adea98 100644 (file)
--- a/src/initscripts/system/firewall
+++ b/src/initscripts/system/firewall
@@ -185,6 +185,11 @@ iptables_init() {
        iptables -A INPUT -j GUARDIAN
        iptables -A FORWARD -j GUARDIAN
 
+       # IPS (suricata) chains
+       iptables -N IPS
+       iptables -A INPUT -j IPS
+       iptables -A FORWARD -j IPS
+
        # Block non-established IPsec networks
        iptables -N IPSECBLOCK
        iptables -A FORWARD -m policy --dir out --pol none -j IPSECBLOCK
IPFire 2.x development tree