From 17c2c09bcc50376ef805a194eec8688a3dfcbc29 Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue, 29 Jan 2019 12:03:37 +0000
Subject: [PATCH] suricata: Scan outgoing traffic, too

Connections from the firewall and through the proxy must be filtered, too

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
---
 src/initscripts/system/firewall | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/initscripts/system/firewall b/src/initscripts/system/firewall
index 9a79cb1aa9..a4fcee2ce1 100644
--- a/src/initscripts/system/firewall
+++ b/src/initscripts/system/firewall
@@ -189,6 +189,7 @@ iptables_init() {
 	iptables -N IPS
 	iptables -A INPUT -j IPS
 	iptables -A FORWARD -j IPS
+	iptables -A OUTPUT -j IPS
 
 	# Block non-established IPsec networks
 	iptables -N IPSECBLOCK
-- 
2.39.2