p2pblock: ipp2p must run before CONNTRACK.

And can only used for blocking, not for accept conenections bacause connections must already established for detecting protocol types.
2026-04-20 16:02:59 +02:00 · 2014-10-04 14:18:16 +02:00
parent e43b21264f
commit 2a5b19c56f
3 changed files with 9 additions and 13 deletions
--- a/src/initscripts/init.d/dhcrelay
+++ b/src/initscripts/init.d/dhcrelay
--- a/src/initscripts/init.d/firewall
+++ b/src/initscripts/init.d/firewall
@@ -104,6 +104,12 @@ iptables_init() {
 	iptables -t nat -N CUSTOMPOSTROUTING
 	iptables -t nat -A POSTROUTING -j CUSTOMPOSTROUTING

+	# P2PBLOCK
+	iptables -N P2PBLOCK
+	iptables -A INPUT -j P2PBLOCK
+	iptables -A FORWARD -j P2PBLOCK
+	iptables -A OUTPUT -j P2PBLOCK
+	
 	# Guardian (IPS) chains
 	iptables -N GUARDIAN
 	iptables -A INPUT -j GUARDIAN