[10/11] configroot: Enable logging of spoofed packets/martians by default

Message ID 388c5d5a-91b1-619d-ae47-11b3475f7ed6@ipfire.org
State Accepted
Commit 02001624d22733f208f7d17b398c076e85c9971d
Series firewall: Introduce DROP_HOSTILE and improve spoofing logging/protection |

Commit Message

Peter Müller Dec. 18, 2021, 1:50 p.m. UTC
  Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
---
 lfs/configroot | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
  

Patch

diff --git a/lfs/configroot b/lfs/configroot
index e0156c746..4fa7aba79 100644
--- a/lfs/configroot
+++ b/lfs/configroot
@@ -114,7 +114,7 @@  $(TARGET) :
 	echo  "ENABLED=off"		> $(CONFIG_ROOT)/vpn/settings
 	echo  "01"			> $(CONFIG_ROOT)/certs/serial
 	echo  "nameserver    1.2.3.4"	> $(CONFIG_ROOT)/ppp/fake-resolv.conf
-	echo  "DROPNEWNOTSYN=on"		>> $(CONFIG_ROOT)/optionsfw/settings
+	echo  "DROPNEWNOTSYN=on"	>> $(CONFIG_ROOT)/optionsfw/settings
 	echo  "DROPINPUT=on"		>> $(CONFIG_ROOT)/optionsfw/settings
 	echo  "DROPFORWARD=on"		>> $(CONFIG_ROOT)/optionsfw/settings
 	echo  "FWPOLICY=DROP"		>> $(CONFIG_ROOT)/optionsfw/settings
@@ -130,6 +130,7 @@  $(TARGET) :
 	echo  "SHOWDROPDOWN=off"	>> $(CONFIG_ROOT)/optionsfw/settings
 	echo  "DROPWIRELESSINPUT=on"	>> $(CONFIG_ROOT)/optionsfw/settings
 	echo  "DROPWIRELESSFORWARD=on"	>> $(CONFIG_ROOT)/optionsfw/settings
+	echo  "DROPSPOOFEDMARTIAN=on"	>> $(CONFIG_ROOT)/optionsfw/settings
 	echo  "POLICY=MODE2"		>> $(CONFIG_ROOT)/firewall/settings
 	echo  "POLICY1=MODE2"		>> $(CONFIG_ROOT)/firewall/settings
 	echo  "USE_ISP_NAMESERVERS=on"  >> $(CONFIG_ROOT)/dns/settings
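Review bot: The added `DROPSPOOFEDMARTIAN=on` line reads like a drop switch, but the commit title says it enables logging of spoofed packets and martians, and the commit message has no body to say which is meant. If it is a logging toggle, as the title suggests, a make comment at column 0 above the line would record that, for example `# DROPSPOOFEDMARTIAN=on: log packets rejected as spoofed or martian`. This recipe appears to seed defaults only when the config root is built, so systems that already have an optionsfw/settings file would presumably not gain the key from this change. Nothing visible here shows whether the code reading the setting treats a missing value as on, or whether an update step adds it, so that is worth confirming to keep the logging default the same on upgraded systems. The `$(TARGET)` recipe starts and ends outside the hunk.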