diff mbox series

suricata: Scan outgoing traffic, too

Message ID 1548763417-4998-1-git-send-email-michael.tremer@ipfire.org
State Accepted
Commit 17c2c09bcc50376ef805a194eec8688a3dfcbc29
Headers
Series suricata: Scan outgoing traffic, too |

Commit Message

Michael Tremer Jan. 29, 2019, 11:03 p.m. UTC 
  Connections from the firewall and through the proxy must be filtered, too

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 src/initscripts/system/firewall | 1 +
 1 file changed, 1 insertion(+)

Comments

Stefan Schantl Jan. 30, 2019, 12:09 a.m. UTC | #1 
Hello Michael,

thanks for the patch - merged!

Best regards,

-Stefan
> Connections from the firewall and through the proxy must be filtered,
> too
> 
> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
> ---
>  src/initscripts/system/firewall | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/src/initscripts/system/firewall
> b/src/initscripts/system/firewall
> index 9a79cb1..a4fcee2 100644
> --- a/src/initscripts/system/firewall
> +++ b/src/initscripts/system/firewall
> @@ -189,6 +189,7 @@ iptables_init() {
>  	iptables -N IPS
>  	iptables -A INPUT -j IPS
>  	iptables -A FORWARD -j IPS
> +	iptables -A OUTPUT -j IPS
>  
>  	# Block non-established IPsec networks
>  	iptables -N IPSECBLOCK
diff mbox series

Patch

diff --git a/src/initscripts/system/firewall b/src/initscripts/system/firewall
index 9a79cb1..a4fcee2 100644
--- a/src/initscripts/system/firewall
+++ b/src/initscripts/system/firewall
@@ -189,6 +189,7 @@  iptables_init() {
 	iptables -N IPS
 	iptables -A INPUT -j IPS
 	iptables -A FORWARD -j IPS
+	iptables -A OUTPUT -j IPS
 
 	# Block non-established IPsec networks
 	iptables -N IPSECBLOCK