From bccbd0d4c0faf46e911284e599cc22da2c9b04d9 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Sat, 8 Dec 2018 01:05:28 +0100 Subject: Firewall: REJECT outgoing connections instead of DROPing them. --- roles/common/files/usr/local/sbin/update-firewall.sh | 1 + 1 file changed, 1 insertion(+) (limited to 'roles') diff --git a/roles/common/files/usr/local/sbin/update-firewall.sh b/roles/common/files/usr/local/sbin/update-firewall.sh index 207eada..36c12c6 100755 --- a/roles/common/files/usr/local/sbin/update-firewall.sh +++ b/roles/common/files/usr/local/sbin/update-firewall.sh @@ -327,6 +327,7 @@ run() { iptables $iptNew $if -p $proto $optsNew -m state --state $stNew -j ACCEPT iptables $iptEst $if -p $proto $optsEst -m state --state $stEst -j ACCEPT done + iptables -A OUTPUT -o $if -j REJECT ######################################################################## commit -- cgit v1.2.3