make rules stateless to catch existing connections

2015-01-07 10:13:25 +00:00 · 2015-01-07 10:13:25 +00:00 · 1d865b2111
commit 1d865b2111
parent 84567f1845
1 changed files with 2 additions and 2 deletions
--- a/firewall.user
+++ b/firewall.user
@ -38,10 +38,10 @@ if ! iptables -L ${blocklist_chain_name}; then iptables -N ${blocklist_chain_nam

 # inject references to blocklist in the beginning of input and forward chains
 if ! iptables -L input_rule | grep -q ${blocklist_chain_name}; then
-  iptables -I input_rule 1 -m state --state NEW,RELATED -j ${blocklist_chain_name}
+  iptables -I input_rule 1 -j ${blocklist_chain_name}
 fi
 if ! iptables -L forwarding_rule | grep -q ${blocklist_chain_name}; then
-  iptables -I forwarding_rule 1 -m state --state NEW,RELATED -j ${blocklist_chain_name}
+  iptables -I forwarding_rule 1 -j ${blocklist_chain_name}
 fi                                                                 

 wan_iface=$(uci get network.wan.ifname)