# Inject custom firewall rules into whonix_firewall
I would be happy if we could add some suitable hook mechanism to whonix_firewall or add some if/then code to whonix_firewall to simplify that code. Sed injection doesn't look future proof. (Done.)
Create a file /etc/whonix_firewall.d/32_qubes with a content like this:
GATEWAY_IPv4_DROP_INVALID_INCOMING_PACKAGES_POST_HOOK=`/path/to/script`
Then you can add your injected rules there instead of using sed to edit /usr/bin/whonix_firewall.