authorEvgen <voitov.e@gmail.com>2021-02-17 16:46:51 +0300
committerEvgen <voitov.e@gmail.com>2021-02-17 16:46:51 +0300
commit7b392ac470ff96d6ba17eccbc24917f9fd5d2312 (patch)
tree44dbbfc3bf18a161904860a71acbe3cbbc7727bd
parent6648b03c41186fd9de6604ca096b46fb7aa53f09 (diff)
Fixed add and remove conntrack ignore rules to iptables raw table
-rw-r--r--scripts/vyatta-conntrack-ignore.pl4
1 files changed, 2 insertions, 2 deletions
diff --git a/scripts/vyatta-conntrack-ignore.pl b/scripts/vyatta-conntrack-ignore.pl
index 37a1534..7d07604 100644
--- a/scripts/vyatta-conntrack-ignore.pl
+++ b/scripts/vyatta-conntrack-ignore.pl
@@ -35,7 +35,7 @@ openlog("vyatta-conntrack", "pid", "local0");
sub remove_ignore_policy {
my ($rule_string) = @_;
- my $iptables_cmd1 = "iptables -D VYATTA_CT_IGNORE -t raw $rule_string -j NOTRACK";
+ my $iptables_cmd1 = "iptables -D VYATTA_CT_IGNORE -t raw $rule_string -j CT --notrack";
my $iptables_cmd2 = "iptables -D VYATTA_CT_IGNORE -t raw $rule_string -j RETURN";
run_cmd($iptables_cmd2);
if ($? >> 8) {
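Review bot: `$rule_string` is still interpolated into one command string on the changed line of remove_ignore_policy, and the same applies to the changed line in apply_ignore_policy. If run_cmd passes that string to a shell (its body is not visible here), any shell metacharacter that reaches the rule string from configuration is interpreted with the privileges iptables runs under. Since both lines are being edited anyway, consider building the command as a list, e.g. `my @cmd1 = ('iptables', '-t', 'raw', '-D', 'VYATTA_CT_IGNORE', @rule_args, '-j', 'CT', '--notrack');` (where `@rule_args` stands for the rule string split into arguments), and running it with list-form `system(@cmd1)`; failing that, validate the rule string against an allow-list pattern before use. remove_ignore_policy continues past the end of this hunk.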
@@ -51,7 +51,7 @@ sub remove_ignore_policy {
sub apply_ignore_policy {
my ($rule_string, $rule, $num_rules) = @_;
# insert at num_rules + 1 as there are so many rules already.
- my $iptables_cmd1 = "iptables -I VYATTA_CT_IGNORE $num_rules -t raw $rule_string -j NOTRACK";
+ my $iptables_cmd1 = "iptables -I VYATTA_CT_IGNORE $num_rules -t raw $rule_string -j CT --notrack";
$num_rules +=1;
my $iptables_cmd2 = "iptables -I VYATTA_CT_IGNORE $num_rules -t raw $rule_string -j RETURN";
run_cmd($iptables_cmd1);
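Review bot: The comment above the changed line in apply_ignore_policy says the insert happens at num_rules + 1, but `$iptables_cmd1` uses `$num_rules` as passed and only the RETURN rule uses the incremented value, so the comment should state which position the caller is expected to supply. It would also help to record why the target changed, for example `# NOTRACK is a legacy target; CT --notrack is its replacement in the raw table`, and that the CT rule must sit directly before its RETURN rule. `$num_rules` goes into the command as the rule position with no visible check that it is a positive integer; a guard such as `return unless $num_rules =~ /\A[1-9][0-9]*\z/;` would stop a bad caller value before it reaches iptables. The function body continues outside the hunk.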