ossec / ossec-hids

OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
http://www.ossec.net

A question with active-response when I used iptables #1506

Open chenfan0307 opened 6 years ago

chenfan0307 commented 6 years ago

Active-response with OSSEC needs to use iptables; the default is firewalld. When I use iptables, it does not work. I don't know what to do when I use iptables.

gagantous commented 6 years ago

There are two scripts in the active-response folder with similar names, firewalld-drop.sh and firewall-drop.sh. Use the firewall-drop.sh script; that is the one for iptables.

root@debian:/home/debian# ls -al /var/ossec/active-response/bin/
total 68
drwxr-x--- 2 root ossec 4096 May 19 08:02 .
drwxr-x--- 3 root ossec 4096 Apr  3 04:05 ..
-rwxr-x--- 1 root ossec  141 Jul  8 10:33 block-IP.sh
-rwxr-x--- 1 root ossec 1711 Mar  3 10:05 disable-account.sh
-rwxr-x--- 1 root ossec 3952 Mar  3 10:05 firewalld-drop.sh
-rwxr-x--- 1 root ossec 6739 Mar  3 10:05 firewall-drop.sh
-rwxr-x--- 1 root ossec 3151 Mar  3 10:05 host-deny.sh
-rwxr-x--- 1 root ossec  800 Mar  3 10:05 ip-customblock.sh
-rwxr-x--- 1 root ossec 1617 Mar  3 10:05 ipfw_mac.sh
-rwxr-x--- 1 root ossec 1385 Mar  3 10:05 ipfw.sh
-rwxr-x--- 1 root ossec 1305 Mar  3 10:05 npf.sh
-rwxr-x--- 1 root ossec 1368 Mar  3 10:05 ossec-slack.sh
-rwxr-x--- 1 root ossec 1636 Mar  3 10:05 ossec-tweeter.sh
-rwxr-x--- 1 root ossec 1949 Mar  3 10:05 pf.sh
-rwxr-x--- 1 root ossec  542 Mar  3 10:05 restart-ossec.sh
-rwxr-x--- 1 root ossec 1182 Mar  3 10:05 route-null.sh
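To wire the iptables script into OSSEC's active response, the ossec.conf fragment below is an added example for this thread, not the project's shipped configuration: the `command` and `active-response` elements and their child tags are OSSEC's own schema, while the alert level (6) and timeout (600 seconds) are values chosen here as assumptions and should be tuned to the host's alert volume.

```xml
<!-- Added example (not from the ossec-hids repository). Place inside <ossec_config>. -->
<ossec_config>

  <!-- Define the command: run firewall-drop.sh (the iptables variant) and
       hand it the source IP of the alert. timeout_allowed lets OSSEC call
       the script again with a "delete" action when the block expires. -->
  <command>
    <name>firewall-drop</name>
    <executable>firewall-drop.sh</executable>
    <expect>srcip</expect>
    <timeout_allowed>yes</timeout_allowed>
  </command>

  <!-- Bind the command to alerts. "local" means the response runs on the
       agent that produced the alert. Level and timeout are assumed values:
       alerts of level 6 or higher trigger a DROP rule for the source IP,
       which is removed after 600 seconds. -->
  <active-response>
    <command>firewall-drop</command>
    <location>local</location>
    <level>6</level>
    <timeout>600</timeout>
  </active-response>

  <!-- On a firewalld host the equivalent entry would reference
       firewalld-drop.sh instead; pointing an iptables host at that script
       is the mismatch described in this issue. -->

</ossec_config>
```

After restarting OSSEC, executed responses (both the add and the later delete action) are recorded in /var/ossec/logs/active-responses.log, which is the first place to check when a block does not appear in `iptables -L`.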