From 8348448448c56034b373e75ea6d7c32f028bfb50 Mon Sep 17 00:00:00 2001
From: Alfonso
Date: Sat, 11 Apr 2020 10:44:21 +0200
Subject: [PATCH] Update blocklist-update.sh
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Added statement to return if there's no matching ip. We should not accept non-matching ip; returning to keep beĆ­ng proccessed (ie fail2ban).
---
 blocklist-update.sh | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/blocklist-update.sh b/blocklist-update.sh
index 2813fea..31a5fdb 100644
--- a/blocklist-update.sh
+++ b/blocklist-update.sh
@@ -97,6 +97,8 @@ then
 # Create the one and only firewall rule
 $IPTABLES_PATH -I $CHAINNAME -m set --match-set $CHAINNAME src -j $ACTION >>$MAILLOG 2>&1
 fi
+echo "Adding the return statement to the chain. We do not want to accept a non-matching ip; think about fail2ban" >>$MAILLOG
+$IPTABLES_PATH -A $CHAINNAME -j RETURN >>$MAILLOG 2>&1
 ## Read all IPs from the downloaded IP list and fill up the ipset filter set
 echo "" >>$MAILLOG
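Review bot: The added `$IPTABLES_PATH -A $CHAINNAME -j RETURN` sits after the `fi`, so it appears to run on every invocation of the update script rather than only when the chain's rule is first created, and each run would append one more RETURN rule to the chain. The `if` condition is outside the hunk, so this is inferred from the placement and from the "one and only firewall rule" comment. Make the append idempotent, e.g. `$IPTABLES_PATH -C $CHAINNAME -j RETURN 2>/dev/null || $IPTABLES_PATH -A $CHAINNAME -j RETURN >>$MAILLOG 2>&1`, or move both added lines inside the block above. If `$CHAINNAME` is a user-defined chain, packets that reach its end already return to the calling chain, so it is worth confirming with `iptables -S` that the explicit rule changes the fail2ban behaviour the commit message describes.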