Merge remote-tracking branch 'stevee/next-suricata' into next

2026-05-04 11:01:27 +02:00 · 2019-03-14 13:19:35 +00:00
parent c578cbd35f e776d33c70
commit 01604708c3
57 changed files with 4660 additions and 1678 deletions
--- a/src/initscripts/system/firewall
+++ b/src/initscripts/system/firewall
@@ -185,6 +185,12 @@ iptables_init() {
 	iptables -A INPUT -j GUARDIAN
 	iptables -A FORWARD -j GUARDIAN

+	# IPS (suricata) chains
+	iptables -N IPS
+	iptables -A INPUT -j IPS
+	iptables -A FORWARD -j IPS
+	iptables -A OUTPUT -j IPS
+
 	# Block non-established IPsec networks
 	iptables -N IPSECBLOCK
 	iptables -A FORWARD -m policy --dir out --pol none -j IPSECBLOCK