rules.pl: Fixes bug12981 - Add in and out specific actions for drop hostile

- This changes the action from HOSTILE_DROP to HOSTILE_DROP_IN for incoming traffic and
   HOSTILE_DROP_OUT for outgoing traffic enabling logging decisions to be taken on each
   independently.

Fixes: bug12981
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
Acked-by: Bernhard Bitsch <bbitsch@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This commit is contained in:
Adolf Belka 2024-01-21 12:45:48 +01:00 committed by Michael Tremer
parent 89645d1bbf
commit f23555a1c6
1 changed files with 3 additions and 3 deletions


@ -2,7 +2,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2007-2020 IPFire Team <info@ipfire.org> #
# Copyright (C) 2007-2024 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@ -726,8 +726,8 @@ sub drop_hostile_networks () {
&ipset_restore($HOSTILE_CCODE);
# Check traffic in incoming/outgoing direction and drop if it matches
run("$IPTABLES -A HOSTILE -i $RED_DEV -m set --match-set $HOSTILE_CCODE src -j HOSTILE_DROP");
run("$IPTABLES -A HOSTILE -o $RED_DEV -m set --match-set $HOSTILE_CCODE dst -j HOSTILE_DROP");
run("$IPTABLES -A HOSTILE -i $RED_DEV -m set --match-set $HOSTILE_CCODE src -j HOSTILE_DROP_IN");
run("$IPTABLES -A HOSTILE -o $RED_DEV -m set --match-set $HOSTILE_CCODE dst -j HOSTILE_DROP_OUT");
}
sub ipblocklist () {
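Review bot: the two new jump targets in this hunk, `-j HOSTILE_DROP_IN` and `-j HOSTILE_DROP_OUT`, are not created anywhere in this patch (only rules.pl changes, 3 additions and 3 deletions), so both `run("$IPTABLES -A HOSTILE ...")` calls depend on those chains already existing at the time drop_hostile_networks() runs; iptables refuses a jump to a chain that does not exist, which would leave the HOSTILE chain without these rules and hostile-network traffic unblocked in both directions. Please confirm the HOSTILE_DROP_IN and HOSTILE_DROP_OUT chains are set up in the firewall initialisation that runs before rules.pl, state in the commit message where that happens, and say what becomes of the now-unreferenced HOSTILE_DROP chain (removed, or kept for compatibility).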