This will affect new IPFire installations only, implementing a long-standing BCP for preemptively combating botnet spam. Reject is chosen over drop to reduce the likelihood for confusion during network troubleshooting.
Cc: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Peter Müller peter.mueller@ipfire.org Tested-by: Peter Müller peter.mueller@ipfire.org --- config/firewall/config | 1 + lfs/configroot | 5 +++-- 2 files changed, 4 insertions(+), 2 deletions(-) create mode 100644 config/firewall/config
diff --git a/config/firewall/config b/config/firewall/config new file mode 100644 index 000000000..c871576f2 --- /dev/null +++ b/config/firewall/config @@ -0,0 +1 @@ +1,REJECT,FORWARDFW,ON,std_net_src,ALL,std_net_tgt,RED,,TCP,,,ON,,,cust_srv,SMTP,Block port 25 (TCP) for outgoing connections to the internet,,,,,,,,,,00:00,00:00,,AUTO,,dnat,,,,,second diff --git a/lfs/configroot b/lfs/configroot index 2c09ae4a8..66efe04b5 100644 --- a/lfs/configroot +++ b/lfs/configroot @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2022 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2023 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -64,7 +64,7 @@ $(TARGET) : for i in auth/users backup/include.user backup/exclude.user \ captive/settings captive/agb.txt captive/clients captive/voucher_out certs/index.txt certs/index.txt.attr ddns/config ddns/settings ddns/ipcache dhcp/settings \ dhcp/fixleases dhcp/advoptions dhcp/dhcpd.conf.local dns/settings dns/servers dnsforward/config ethernet/aliases ethernet/settings ethernet/known_nics ethernet/scanned_nics \ - ethernet/wireless extrahd/scan extrahd/devices extrahd/partitions extrahd/settings firewall/settings firewall/config firewall/locationblock firewall/input firewall/outgoing \ + ethernet/wireless extrahd/scan extrahd/devices extrahd/partitions extrahd/settings firewall/settings firewall/locationblock firewall/input firewall/outgoing \ fwhosts/customnetworks fwhosts/customhosts fwhosts/customgroups fwhosts/customservicegrp fwhosts/customlocationgrp fwlogs/ipsettings fwlogs/portsettings ipblocklist/modified \ ipblocklist/settings mac/settings main/hosts main/routing main/security main/settings optionsfw/settings \ ovpn/ccd.conf ovpn/ccdroute ovpn/ccdroute2 pakfire/settings portfw/config ppp/settings-1 ppp/settings-2 ppp/settings-3 ppp/settings-4 \ @@ -102,6 +102,7 @@ $(TARGET) : cp $(DIR_SRC)/config/cfgroot/logging-settings $(CONFIG_ROOT)/logging/settings cp $(DIR_SRC)/config/cfgroot/ethernet-vlans $(CONFIG_ROOT)/ethernet/vlans cp $(DIR_SRC)/langs/list $(CONFIG_ROOT)/langs/ + cp $(DIR_SRC)/config/firewall/config $(CONFIG_ROOT)/firewall/config cp $(DIR_SRC)/config/firewall/convert-xtaccess /usr/sbin/convert-xtaccess cp $(DIR_SRC)/config/firewall/convert-outgoingfw /usr/sbin/convert-outgoingfw cp $(DIR_SRC)/config/firewall/convert-dmz /usr/sbin/convert-dmz