From 84567f18456511fc8aa90e9b18b938c636f18eee Mon Sep 17 00:00:00 2001
From: Pawel Krawczyk
Date: Tue, 6 Jan 2015 10:19:16 +0000
Subject: [PATCH] make rules stateless so that new blacklist entry works for existing connections as well
---
 blacklist.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/blacklist.sh b/blacklist.sh
index 9128e88..0bab16e 100644
--- a/blacklist.sh
+++ b/blacklist.sh
@@ -32,10 +32,10 @@ fi
 # inject references to blocklist in the beginning of input and forward chains
 if ! iptables -L INPUT | grep -q ${blocklist_chain_name}; then
- iptables -I INPUT 1 -m state --state NEW,RELATED -j ${blocklist_chain_name}
+ iptables -I INPUT 1 -j ${blocklist_chain_name}
 fi
 if ! iptables -L FORWARD | grep -q ${blocklist_chain_name}; then
- iptables -I FORWARD 1 -m state --state NEW,RELATED -j ${blocklist_chain_name}
+ iptables -I FORWARD 1 -j ${blocklist_chain_name}
 fi
 # flush the chain referencing blacklists, they will be restored in a second
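Review bot: Whether the new `-I INPUT 1 -j ${blocklist_chain_name}` line runs at all depends on the context check just above it, `iptables -L INPUT | grep -q ${blocklist_chain_name}`, which is a substring match over the whole listing: any chain, target or comment whose text merely contains the blocklist chain's name makes the reference look present, the insert is skipped, and the blacklist is silently unenforced; `-L` without `-n` also performs reverse DNS lookups on every listed address. The exact form is `iptables -C INPUT -j "${blocklist_chain_name}" 2>/dev/null || iptables -I INPUT 1 -j "${blocklist_chain_name}"`, with the same change for the FORWARD pair, and the expansion should be quoted in the added lines regardless. Dropping the state match means every packet of every connection now traverses the chain, which is the intended effect, but if the chain holds many individual address rules rather than a set match the per-packet cost is worth a one-line comment such as `# stateless on purpose: existing connections to newly blacklisted hosts must be cut too`. The two presence-check lines are context here, not part of this change.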