paramah/ossec-blacklist
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

add -n flag to iptables -L to prevent DNS resolution

Browse Source
This commit is contained in:
Paweł Krawczyk 2016-04-25 17:49:52 +01:00
parent c3c83c5092
commit 125a3ac74f
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
blacklist.sh
View File

@ -84,15 +84,15 @@ else
fi fi
# create main blocklists chain # create main blocklists chain
if ! iptables -L | grep -q "Chain ${blocklist_chain_name}"; then if ! iptables -nL | grep -q "Chain ${blocklist_chain_name}"; then
iptables -N ${blocklist_chain_name} iptables -N ${blocklist_chain_name}
fi fi
# inject references to blocklist in the beginning of input and forward chains # inject references to blocklist in the beginning of input and forward chains
if ! iptables -L ${INPUT} | grep -q ${blocklist_chain_name}; then if ! iptables -nL ${INPUT} | grep -q ${blocklist_chain_name}; then
iptables -I ${INPUT} 1 ${IN_OPT} -j ${blocklist_chain_name} iptables -I ${INPUT} 1 ${IN_OPT} -j ${blocklist_chain_name}
fi fi
if ! iptables -L ${FORWARD} | grep -q ${blocklist_chain_name}; then if ! iptables -nL ${FORWARD} | grep -q ${blocklist_chain_name}; then
iptables -I ${FORWARD} 1 ${IN_OPT} -j ${blocklist_chain_name} iptables -I ${FORWARD} 1 ${IN_OPT} -j ${blocklist_chain_name}
fi fi