firewall: Always initialise DROP_HOSTILE chain, even if it's unused

This ensures collectd can keep track of it, and generate the RRD graphs
correctly.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Peter Müller
2022-01-29 15:56:54 +00:00
parent 15de7a78fe
commit 92c53b3e0a


@@ -141,8 +141,8 @@ iptables_init() {
# Log and drop any traffic from and to networks known as being hostile, posing
# a technical threat to our users (i. e. listed at Spamhaus DROP et al.)
iptables -N DROP_HOSTILE
if [ "$DROPHOSTILE" == "on" ]; then
iptables -N DROP_HOSTILE
iptables -A DROP_HOSTILE -m limit --limit 10/second -j LOG --log-prefix "DROP_HOSTILE "
iptables -A INPUT -i $IFACE -m geoip --src-cc XD -j DROP_HOSTILE