[11/11] configroot: Drop traffic from and to hostile networks by default

Message ID ebf7243d-9b09-c4e8-c1f2-d90d1fd85205@ipfire.org
State Accepted
Commit 55f6e62cf70132e31e32ec7a666cf0068878287b
Headers show
Series firewall: Introduce DROP_HOSTILE and improve spoofing logging/protection | expand

Commit Message

Peter Müller Dec. 18, 2021, 1:50 p.m. UTC
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
---
 lfs/configroot | 1 +
 1 file changed, 1 insertion(+)

Patch

diff --git a/lfs/configroot b/lfs/configroot
index 4fa7aba79..56c0c7c8f 100644
--- a/lfs/configroot
+++ b/lfs/configroot
@@ -131,6 +131,7 @@  $(TARGET) :
 	echo  "DROPWIRELESSINPUT=on"	>> $(CONFIG_ROOT)/optionsfw/settings
 	echo  "DROPWIRELESSFORWARD=on"	>> $(CONFIG_ROOT)/optionsfw/settings
 	echo  "DROPSPOOFEDMARTIAN=on"	>> $(CONFIG_ROOT)/optionsfw/settings
+	echo  "DROPHOSTILE=on"		>> $(CONFIG_ROOT)/optionsfw/settings
 	echo  "POLICY=MODE2"		>> $(CONFIG_ROOT)/firewall/settings
 	echo  "POLICY1=MODE2"		>> $(CONFIG_ROOT)/firewall/settings
 	echo  "USE_ISP_NAMESERVERS=on"  >> $(CONFIG_ROOT)/dns/settings