Fix some issues with conntracking rules
parent
d7a8c0bd92
commit
13f378819c
|
@ -421,9 +421,6 @@ function enable_forwarding {
|
||||||
[[ ${protocol} == "-" ]] && protocol=""
|
[[ ${protocol} == "-" ]] && protocol=""
|
||||||
[[ ${bidirectional} == "-" ]] && bidirectional="no"
|
[[ ${bidirectional} == "-" ]] && bidirectional="no"
|
||||||
|
|
||||||
[[ ${action} == "DROP" ]] && conntrack_state=""
|
|
||||||
|
|
||||||
|
|
||||||
${VER_IPTABLES} -A ${FwdFilter} ${protocol} ${srcinterface} ${srcaddress} ${srcport} ${syn} ${dstinterface} ${dstaddress} ${dstport} ${conntrack_state} -j ${action}
|
${VER_IPTABLES} -A ${FwdFilter} ${protocol} ${srcinterface} ${srcaddress} ${srcport} ${syn} ${dstinterface} ${dstaddress} ${dstport} ${conntrack_state} -j ${action}
|
||||||
[[ ${bidirectional} == "yes" ]] && ${VER_IPTABLES} -A ${FwdFilter} ${protocol} ${revsrcinterface} ${revsrcaddress} ${revsrcport} ${syn} ${revdstinterface} ${revdstaddress} ${revdstport} ${conntrack_state} -j ${action}
|
[[ ${bidirectional} == "yes" ]] && ${VER_IPTABLES} -A ${FwdFilter} ${protocol} ${revsrcinterface} ${revsrcaddress} ${revsrcport} ${syn} ${revdstinterface} ${revdstaddress} ${revdstport} ${conntrack_state} -j ${action}
|
||||||
done < "${FWCONFIGDIR}/ipv${IPVER}/forward.conf"
|
done < "${FWCONFIGDIR}/ipv${IPVER}/forward.conf"
|
||||||
|
|
Loading…
Reference in New Issue