@@ -173,6 +173,7 @@ lan() {
badips() {
ipset create -! $banset hash:ip hashsize 4096 timeout $banttl maxelem $badmaxelems
+ ${iptables} -N FWBAD
if $logbad ; then
_droplog "BAD"
${iptables} -A FWBAD -i ${wan} -p udp -m set --match-set $banset src -m conntrack --ctstate NEW --ctproto UDP -j BADLOGDROP
