firewall: Add chains for IPS (suricata)

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2026-04-23 01:12:57 +02:00 · 2018-08-16 18:50:39 +02:00
parent cc60d3dfd3
commit 7c82ee6165
1 changed files with 5 additions and 0 deletions
--- a/src/initscripts/system/firewall
+++ b/src/initscripts/system/firewall
@@ -185,6 +185,11 @@ iptables_init() {
 	iptables -A INPUT -j GUARDIAN
 	iptables -A FORWARD -j GUARDIAN

+	# IPS (suricata) chains
+	iptables -N IPS
+	iptables -A INPUT -j IPS
+	iptables -A FORWARD -j IPS
+
 	# Block non-established IPsec networks
 	iptables -N IPSECBLOCK
 	iptables -A FORWARD -m policy --dir out --pol none -j IPSECBLOCK