Update firewall rules to insert DROP rule at position 1
stephdl committed Mar 20, 2024
1 parent 86f86a9 commit 693a45b
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions imageroot/bin/firewall-rules
Expand Up @@ -16,8 +16,8 @@ if [[ $action == 'create-ipset' ]]; then
firewall-cmd --reload
elif [[ $action == 'add-rule' ]]; then
# we cannot use --permanent option here, because the set of ipset won't be seen by crowdsec-firewall-bouncer.service
iptables -I INPUT 0 -m set --match-set crowdsec-blacklists src -j DROP
ip6tables -I INPUT 0 -m set --match-set crowdsec6-blacklists src -j DROP
iptables -I INPUT 1 -m set --match-set crowdsec-blacklists src -j DROP
ip6tables -I INPUT 1 -m set --match-set crowdsec6-blacklists src -j DROP
elif [[ $action == 'remove-rule' ]]; then
iptables -D INPUT -m set --match-set crowdsec-blacklists src -j DROP
ip6tables -D INPUT -m set --match-set crowdsec6-blacklists src -j DROP
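Review bot: The add-rule branch inserts with `-I INPUT 1` unconditionally, so running add-rule twice leaves two identical DROP rules in INPUT, while the remove-rule branch issues a single `-D` per family and deletes only one of them. Guard each insert with an existence check, for example `iptables -C INPUT -m set --match-set crowdsec-blacklists src -j DROP 2>/dev/null || iptables -I INPUT 1 -m set --match-set crowdsec-blacklists src -j DROP`, and do the same for the ip6tables line. Rule numbers in iptables start at 1, which is also the default position for `-I`, so the existing comment could be extended with one line saying the set match is meant to sit at the top of INPUT; that documents why the position is spelled out.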