Reviewed-by: Bernhard Bitsch <bbitsch(a)ipfire.org>
Acked-by: Bernhard Bitsch <bbitsch(a)ipfire.org>

Am 21.01.2024 um 12:45 schrieb Adolf Belka:
> - This changes the action from HOSTILE_DROP to HOSTILE_DROP_IN for icnoming traffic and
>     HOSTILE_DROP_OUT for outgoing traffic enabling logging decisions to be taken on each
>     independently.
> 
> Fixes: bug12981
> Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
> ---
>   config/firewall/rules.pl | 6 +++---
>   1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl
> index 7edb910e2..a47c260a1 100644
> --- a/config/firewall/rules.pl
> +++ b/config/firewall/rules.pl
> @@ -2,7 +2,7 @@
>   ###############################################################################
>   #                                                                             #
>   # IPFire.org - A linux based firewall                                         #
> -# Copyright (C) 2007-2020  IPFire Team  <info(a)ipfire.org>                     #
> +# Copyright (C) 2007-2024  IPFire Team  <info(a)ipfire.org>                     #
>   #                                                                             #
>   # This program is free software: you can redistribute it and/or modify        #
>   # it under the terms of the GNU General Public License as published by        #
> @@ -726,8 +726,8 @@ sub drop_hostile_networks () {
>   	&ipset_restore($HOSTILE_CCODE);
>   
>   	# Check traffic in incoming/outgoing direction and drop if it matches
> -	run("$IPTABLES -A HOSTILE -i $RED_DEV -m set --match-set $HOSTILE_CCODE src -j HOSTILE_DROP");
> -	run("$IPTABLES -A HOSTILE -o $RED_DEV -m set --match-set $HOSTILE_CCODE dst -j HOSTILE_DROP");
> +	run("$IPTABLES -A HOSTILE -i $RED_DEV -m set --match-set $HOSTILE_CCODE src -j HOSTILE_DROP_IN");
> +	run("$IPTABLES -A HOSTILE -o $RED_DEV -m set --match-set $HOSTILE_CCODE dst -j HOSTILE_DROP_OUT");
>   }
>   
>   sub ipblocklist () {