From: Peter Müller <peter.mueller@ipfire.org>
Date: Sat, 29 Jan 2022 15:56:54 +0000 (+0000)
Subject: firewall: Always initialise DROP_HOSTILE chain, even if it's unused
X-Git-Tag: v2.27-core164~44^2~5
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=92c53b3e0a7d772498ff0b1e91078152910e92b4;p=ipfire-2.x.git

firewall: Always initialise DROP_HOSTILE chain, even if it's unused

This ensures collectd can keep track of it, and generate the RRD graphs
correctly.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
---

diff --git a/src/initscripts/system/firewall b/src/initscripts/system/firewall
index ebc8168ae7..1effbf51eb 100644
--- a/src/initscripts/system/firewall
+++ b/src/initscripts/system/firewall
@@ -141,8 +141,8 @@ iptables_init() {
 
 	# Log and drop any traffic from and to networks known as being hostile, posing
 	# a technical threat to our users (i. e. listed at Spamhaus DROP et al.)
+	iptables -N DROP_HOSTILE
 	if [ "$DROPHOSTILE" == "on" ]; then
-		iptables -N DROP_HOSTILE
 		iptables -A DROP_HOSTILE  -m limit --limit 10/second -j LOG  --log-prefix "DROP_HOSTILE "
 
 		iptables -A INPUT   -i $IFACE -m geoip --src-cc XD -j DROP_HOSTILE