]> git.ipfire.org Git - people/pmueller/ipfire-2.x.git/blobdiff - src/initscripts/system/firewall
projects / people / pmueller / ipfire-2.x.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge remote-tracking branch 'stevee/next-suricata' into next
[people/pmueller/ipfire-2.x.git] / src / initscripts / system / firewall
diff --git a/src/initscripts/system/firewall b/src/initscripts/system/firewall
index cb533cc94b12f2ee3c4368500bb7adbf20d8a490..be6c9169f36ff42c125e860b8d9be87c88663a4b 100644 (file)
--- a/src/initscripts/system/firewall
+++ b/src/initscripts/system/firewall
@@ -185,6 +185,12 @@ iptables_init() {
        iptables -A INPUT -j GUARDIAN
        iptables -A FORWARD -j GUARDIAN
 
+       # IPS (suricata) chains
+       iptables -N IPS
+       iptables -A INPUT -j IPS
+       iptables -A FORWARD -j IPS
+       iptables -A OUTPUT -j IPS
+
        # Block non-established IPsec networks
        iptables -N IPSECBLOCK
        iptables -A FORWARD -m policy --dir out --pol none -j IPSECBLOCK
Peter's tree of IPFire 2.x