make rules stateless to catch existing connections
parent
84567f1845
commit
1d865b2111
@ -38,10 +38,10 @@ if ! iptables -L ${blocklist_chain_name}; then iptables -N ${blocklist_chain_nam
|
||||
|
||||
# inject references to blocklist in the beginning of input and forward chains
|
||||
if ! iptables -L input_rule | grep -q ${blocklist_chain_name}; then
|
||||
iptables -I input_rule 1 -m state --state NEW,RELATED -j ${blocklist_chain_name}
|
||||
iptables -I input_rule 1 -j ${blocklist_chain_name}
|
||||
fi
|
||||
if ! iptables -L forwarding_rule | grep -q ${blocklist_chain_name}; then
|
||||
iptables -I forwarding_rule 1 -m state --state NEW,RELATED -j ${blocklist_chain_name}
|
||||
iptables -I forwarding_rule 1 -j ${blocklist_chain_name}
|
||||
fi
|
||||
|
||||
wan_iface=$(uci get network.wan.ifname)
|
||||
|
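Review bot: The `iptables -L input_rule | grep -q ${blocklist_chain_name}` guard (and the same guard on `forwarding_rule`) matches any rule that mentions the chain, so on a router where the previous stateful jump is still loaded the new stateless rule is never inserted. Established connections then keep bypassing the blocklist until the firewall is reloaded. This assumes the lines without `-m state` are the new side, as the commit title indicates. Checking for the exact rule avoids the problem: `if ! iptables -C input_rule -j "${blocklist_chain_name}" 2>/dev/null; then`, and likewise for `forwarding_rule`, with the old `-m state --state NEW,RELATED` jump deleted if it is present. If the grep guard is kept, quote the variable and list with `iptables -n -L` so the check does not wait on reverse DNS lookups.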