webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-09 18:45:54 +02:00
Code Issues Packages Projects Releases Wiki Activity

firewall: Keep REPEAT bit when saving rest to CONNMARK

Browse Source 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Tested-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
This commit is contained in:
Michael Tremer
2021-10-18 10:10:22 +00:00
committed by Arne Fitzenreiter
parent 3fa8300e70
commit 19357bc55e
1 changed files with 1 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/initscripts/system/firewall
View File

@@ -48,8 +48,7 @@ iptables_init() {
# IPS Bypass Chain which stores the BYPASS bit in connection tracking
iptables -N IPSBYPASS
iptables -A IPSBYPASS -j MARK --set-xmark "0/$(( IPS_REPEAT_MASK ))"
iptables -A IPSBYPASS -j CONNMARK --save-mark
iptables -A IPSBYPASS -j CONNMARK --save-mark --mask "$(( ~IPS_REPEAT_MASK & 0xffffffff ))"
# Jump into bypass chain when the BYPASS bit is set
for chain in INPUT FORWARD OUTPUT; do