From mboxrd@z Thu Jan  1 00:00:00 1970
From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH] suricata: Scan outgoing traffic, too
Date: Tue, 29 Jan 2019 12:03:37 +0000
Message-ID: <1548763417-4998-1-git-send-email-michael.tremer@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============8980932875803256913=="
List-Id: <development.lists.ipfire.org>

--===============8980932875803256913==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit

Connections from the firewall and through the proxy must be filtered, too

Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
---
 src/initscripts/system/firewall | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/initscripts/system/firewall b/src/initscripts/system/firewall
index 9a79cb1..a4fcee2 100644
--- a/src/initscripts/system/firewall
+++ b/src/initscripts/system/firewall
@@ -189,6 +189,7 @@ iptables_init() {
 	iptables -N IPS
 	iptables -A INPUT -j IPS
 	iptables -A FORWARD -j IPS
+	iptables -A OUTPUT -j IPS
 
 	# Block non-established IPsec networks
 	iptables -N IPSECBLOCK
-- 
2.6.3


--===============8980932875803256913==--