From: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue, 29 Jan 2019 12:03:37 +0000 (+0000)
Subject: suricata: Scan outgoing traffic, too
X-Git-Tag: v2.23-core131~117^2~94
X-Git-Url: http://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff_plain;h=17c2c09bcc50376ef805a194eec8688a3dfcbc29

suricata: Scan outgoing traffic, too

Connections from the firewall and through the proxy must be filtered, too

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
---

diff --git a/src/initscripts/system/firewall b/src/initscripts/system/firewall
index 9a79cb1aa9..a4fcee2ce1 100644
--- a/src/initscripts/system/firewall
+++ b/src/initscripts/system/firewall
@@ -189,6 +189,7 @@ iptables_init() {
 	iptables -N IPS
 	iptables -A INPUT -j IPS
 	iptables -A FORWARD -j IPS
+	iptables -A OUTPUT -j IPS
 
 	# Block non-established IPsec networks
 	iptables -N IPSECBLOCK