firewall: Always initialise DROP_HOSTILE chain, even if it's unused
authorPeter Müller <peter.mueller@ipfire.org>
Sat, 29 Jan 2022 15:56:54 +0000 (15:56 +0000)
committerPeter Müller <peter.mueller@ipfire.org>
Sat, 29 Jan 2022 15:56:54 +0000 (15:56 +0000)
This ensures collectd can keep track of it, and generate the RRD graphs
correctly.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
src/initscripts/system/firewall

index ebc8168ae7e219c6dea70bbf1e04001f4153fb5d..1effbf51eb31c4318fd04b3518d4d254e7a4be0a 100644 (file)
@@ -141,8 +141,8 @@ iptables_init() {
 
        # Log and drop any traffic from and to networks known as being hostile, posing
        # a technical threat to our users (i. e. listed at Spamhaus DROP et al.)
+       iptables -N DROP_HOSTILE
        if [ "$DROPHOSTILE" == "on" ]; then
-               iptables -N DROP_HOSTILE
                iptables -A DROP_HOSTILE  -m limit --limit 10/second -j LOG  --log-prefix "DROP_HOSTILE "
 
                iptables -A INPUT   -i $IFACE -m geoip --src-cc XD -j DROP_HOSTILE
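Review bot: The unconditional `iptables -N DROP_HOSTILE` added above the `if` has no comment saying why it sits outside the DROPHOSTILE check, and the existing two-line comment above it describes logging and dropping, not chain creation. The reason is recorded only in the commit message, so a later tidy-up could move the line back inside the `if`; I would add `# Always create the chain, even if unused, so collectd can track it for the RRD graphs` directly above it. With DROPHOSTILE off the chain now exists but is empty and unreferenced, so its presence in `iptables -L` output should not be read as the feature being enabled. iptables_init starts and continues outside this hunk.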