Reviewed-by: Bernhard Bitsch bbitsch@ipfire.org Acked-by: Bernhard Bitsch bbitsch@ipfire.org
Am 21.01.2024 um 12:45 schrieb Adolf Belka:
- This changes the action from HOSTILE_DROP to HOSTILE_DROP_IN for icnoming traffic and HOSTILE_DROP_OUT for outgoing traffic enabling logging decisions to be taken on each independently.
Fixes: bug12981 Signed-off-by: Adolf Belka adolf.belka@ipfire.org
config/firewall/rules.pl | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl index 7edb910e2..a47c260a1 100644 --- a/config/firewall/rules.pl +++ b/config/firewall/rules.pl @@ -2,7 +2,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2020 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2024 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -726,8 +726,8 @@ sub drop_hostile_networks () { &ipset_restore($HOSTILE_CCODE);
# Check traffic in incoming/outgoing direction and drop if it matches
- run("$IPTABLES -A HOSTILE -i $RED_DEV -m set --match-set $HOSTILE_CCODE src -j HOSTILE_DROP");
- run("$IPTABLES -A HOSTILE -o $RED_DEV -m set --match-set $HOSTILE_CCODE dst -j HOSTILE_DROP");
run("$IPTABLES -A HOSTILE -i $RED_DEV -m set --match-set $HOSTILE_CCODE src -j HOSTILE_DROP_IN");
run("$IPTABLES -A HOSTILE -o $RED_DEV -m set --match-set $HOSTILE_CCODE dst -j HOSTILE_DROP_OUT"); }
sub ipblocklist () {