author | Evgen <voitov.e@gmail.com> | 2021-02-17 16:46:51 +0300 |
---|---|---|
committer | Daniil Baturin <daniil@vyos.io> | 2021-03-15 17:53:45 +0200 |
commit | be8931555483b4c76427cbd9897455df7370f2ce (patch) | |
tree | 2db273586995ff4ba1b4c014fbc1a860534a48db | |
parent | ac85d12205964d3705fea79910994141d3cefc49 (diff) | |
download | vyatta-conntrack-be8931555483b4c76427cbd9897455df7370f2ce.tar.gz vyatta-conntrack-be8931555483b4c76427cbd9897455df7370f2ce.zip |
Fixed add and remove conntrack ignore rules to iptables raw table
-rw-r--r-- | scripts/vyatta-conntrack-ignore.pl | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/scripts/vyatta-conntrack-ignore.pl b/scripts/vyatta-conntrack-ignore.pl
index 37a1534..7d07604 100644
--- a/scripts/vyatta-conntrack-ignore.pl
+++ b/scripts/vyatta-conntrack-ignore.pl
@@ -35,7 +35,7 @@ openlog("vyatta-conntrack", "pid", "local0");
 
 sub remove_ignore_policy {
 my ($rule_string) = @_;
- my $iptables_cmd1 = "iptables -D VYATTA_CT_IGNORE -t raw $rule_string -j NOTRACK";
+ my $iptables_cmd1 = "iptables -D VYATTA_CT_IGNORE -t raw $rule_string -j CT --notrack";
 my $iptables_cmd2 = "iptables -D VYATTA_CT_IGNORE -t raw $rule_string -j RETURN";
 run_cmd($iptables_cmd2);
 if ($? >> 8) {
@@ -51,7 +51,7 @@ sub remove_ignore_policy {
 sub apply_ignore_policy {
 my ($rule_string, $rule, $num_rules) = @_;
 # insert at num_rules + 1 as there are so many rules already.
- my $iptables_cmd1 = "iptables -I VYATTA_CT_IGNORE $num_rules -t raw $rule_string -j NOTRACK";
+ my $iptables_cmd1 = "iptables -I VYATTA_CT_IGNORE $num_rules -t raw $rule_string -j CT --notrack";
 $num_rules +=1;
 my $iptables_cmd2 = "iptables -I VYATTA_CT_IGNORE $num_rules -t raw $rule_string -j RETURN";
 run_cmd($iptables_cmd1);
|
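Review bot: Both rewritten `$iptables_cmd1` assignments (in `remove_ignore_policy` and in `apply_ignore_policy`) still build the iptables command by interpolating `$rule_string`, and in the insert case `$num_rules`, into a single string handed to `run_cmd`. `run_cmd` is not visible in this diff; if it passes that string through a shell, the validation done by whoever builds `$rule_string` is the only thing keeping shell metacharacters out of a command that presumably runs with elevated privileges. I would check the index before it is used, `die "invalid rule index\n" unless $num_rules =~ /\A[0-9]+\z/;`, and add a comment above each assignment such as `# $rule_string must contain only config-validated iptables match options`. Longer term, assembling an argument list and invoking iptables in list form would take the shell out of the path entirely. Both function bodies continue outside the hunks, so the error handling after `run_cmd` could not be reviewed here.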