webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-09 10:35:53 +02:00
Code Issues Packages Projects Releases Wiki Activity

firewall: Move the IPS back to INPUT/FORWARD/OUTPUT

Browse Source 
We cannot use the PREROUTING/POSTROUTING chains here because Suricata
will fail to track NAT-ed connections.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This commit is contained in:
Michael Tremer
2024-09-17 04:04:07 +02:00
parent 5da15c5d3b
commit cf44d8d149
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/initscripts/system/firewall
View File

@@ -378,7 +378,7 @@ iptables_init() {
# IPS (Suricata) chains
iptables -t mangle -N IPS
for chain in PREROUTING POSTROUTING; do
for chain in INPUT FORWARD OUTPUT; do
iptables -t mangle -A "${chain}" -j IPS
done