Conntrack fixes

master
bbruns 9 years ago
parent cdbf821084
commit 995415770f
  1. 4
      bin/firewall-sosdg

@ -701,8 +701,8 @@ if [ $NAT ]; then
$IPTABLES -A POSTROUTING -t nat -s ${NAT_RULE[2]} -j SNAT \
-o ${NAT_RULE[3]} --to-source ${NAT_RULE[4]}
$IPTABLES -A FORWARD ${M_STATE} ${C_STATE} NEW,RELATED,ESTABLISHED -i ${NAT_RULE[1]} -s ${NAT_RULE[2]} -o ${NAT_RULE[3]} -j ACCEPT
$IPTABLES -A FORWARD ${M_STATE} ${C_STATE} RELATED,ESTABLISHED -o ${NAT_RULE[1]} -d ${NAT_RULE[2]} -o ${NAT_RULE[3]} -j ACCEPT
$IPTABLES -A FORWARD ${M_STATE} ${C_STATE} INVALID -o ${NAT_RULE[1]} -d ${NAT_RULE[2]} -o ${NAT_RULE[3]} -j DROP
$IPTABLES -A FORWARD ${M_STATE} ${C_STATE} RELATED,ESTABLISHED -o ${NAT_RULE[1]} -d ${NAT_RULE[2]} -j ACCEPT
$IPTABLES -A FORWARD ${M_STATE} ${C_STATE} INVALID -o ${NAT_RULE[1]} -d ${NAT_RULE[2]} -j DROP
display_c DEFAULT "\t${GREEN}SNAT:${PURPLE}${NAT_RULE[1]}:${NAT_RULE[2]}${AQUA}->${BLUE}${NAT_RULE[3]}:${NAT_RULE[4]}"
if [[ ! "$INIF_EXISTS" =~ "${NAT_RULE[1]}:${NAT_RULE[2]}" ]]; then
$IPTABLES -A INPUT -p icmp --icmp-type time-exceeded -i ${NAT_RULE[1]} \

Loading…
Cancel
Save