paramah/ossec-blacklist
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

make rules stateless to catch existing connections

Browse Source
This commit is contained in:
Pawel Krawczyk 2015-01-07 10:13:25 +00:00
parent 84567f1845
commit 1d865b2111
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
firewall.user
View File

@ -38,10 +38,10 @@ if ! iptables -L ${blocklist_chain_name}; then iptables -N ${blocklist_chain_nam
# inject references to blocklist in the beginning of input and forward chains # inject references to blocklist in the beginning of input and forward chains
if ! iptables -L input_rule | grep -q ${blocklist_chain_name}; then if ! iptables -L input_rule | grep -q ${blocklist_chain_name}; then
iptables -I input_rule 1 -m state --state NEW,RELATED -j ${blocklist_chain_name} iptables -I input_rule 1 -j ${blocklist_chain_name}
fi fi
if ! iptables -L forwarding_rule | grep -q ${blocklist_chain_name}; then if ! iptables -L forwarding_rule | grep -q ${blocklist_chain_name}; then
iptables -I forwarding_rule 1 -m state --state NEW,RELATED -j ${blocklist_chain_name} iptables -I forwarding_rule 1 -j ${blocklist_chain_name}
fi fi
wan_iface=$(uci get network.wan.ifname) wan_iface=$(uci get network.wan.ifname)