git.ipfire.org Git - people/ms/ipfire-2.x.git/commit
firewall: Make blocking all traffic impossible on HOSTILE fix-drop-hostile
author Michael Tremer <michael.tremer@ipfire.org>
Fri, 11 Mar 2022 14:36:40 +0000 (14:36 +0000)
committer Michael Tremer <michael.tremer@ipfire.org>
Fri, 11 Mar 2022 14:36:40 +0000 (14:36 +0000)
commit 2bddc465e06e188bed5aac6060d944a0eef1b973
tree 3229078174e2385a1d3277b2f856eccdee32a4ef
parent 1b22a95ca88b8f0120312a119387ce96cf870437
firewall: Make blocking all traffic impossible on HOSTILE

The current setup can fail and block all traffic on RED if the RETURN
rules could not be created.

This can happen when the kernel fails to load the ipset module, as is
the case after upgrading to a new kernel. Restarting the firewall will
cause the system to be cut off from the internet.

This design now changes that if those rules cannot be created, the
DROP_HOSTILE feature is just inactive, but it would not disrupt any
traffic.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Daniel Weismüller <daniel.weismueller@ipfire.org>
config/firewall/rules.pl
src/initscripts/system/firewall