From patchwork Tue Jan 29 23:03:37 2019
X-Patchwork-Submitter: Michael Tremer
X-Patchwork-Id: 2054
From: Michael Tremer
To: development@lists.ipfire.org
Cc: Michael Tremer
Subject: [PATCH] suricata: Scan outgoing traffic, too
Date: Tue, 29 Jan 2019 12:03:37 +0000
Message-Id: <1548763417-4998-1-git-send-email-michael.tremer@ipfire.org>

Connections from the firewall and through the proxy must be filtered, too Signed-off-by: Michael Tremer --- src/initscripts/system/firewall | 1 + 1 file changed, 1 insertion(+) diff --git a/src/initscripts/system/firewall b/src/initscripts/system/firewall index 9a79cb1..a4fcee2 100644 --- a/src/initscripts/system/firewall +++ b/src/initscripts/system/firewall 
@@ -189,6 +189,7 @@ iptables_init() { iptables -N IPS iptables -A INPUT -j IPS iptables -A FORWARD -j IPS + iptables -A OUTPUT -j IPS # Block non-established IPsec networks iptables -N IPSECBLOCK
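Review bot: the added `iptables -A OUTPUT -j IPS` hands the firewall host's own outbound packets to the IPS chain, but the hunk does not show what that chain does with them; if it ends in an NFQUEUE target, please state in the commit message (or verify with a test) that locally originated traffic such as DNS lookups, update downloads and proxy-to-server connections still flows while suricata is stopped or restarting, i.e. that the queue is configured with bypass, because after this line a stalled IPS affects the firewall itself and not only transit traffic. The commit message could also spell out why FORWARD alone is insufficient: a proxied connection is seen in INPUT on the client-to-proxy leg and only in OUTPUT on the proxy-to-server leg, which is the case this rule covers.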