mirror of
https://github.com/webmin/webmin.git
synced 2025-07-23 00:30:33 +00:00
Use correct state flag during initial rule setup https://github.com/webmin/webmin/issues/2264
This commit is contained in:
Jamie Cameron
@ -83,6 +83,8 @@ if ($in{'auto'}) {
|
|||||||
'rules' => [ ],
|
'rules' => [ ],
|
||||||
'defaults' => { } };
|
'defaults' => { } };
|
||||||
$table->{'defaults'}->{'INPUT'} = 'DROP';
|
$table->{'defaults'}->{'INPUT'} = 'DROP';
|
||||||
|
my $sd = &supports_conntrack() ? "ctstate" : "state";
|
||||||
|
my $sm = $sd eq "state" ? "state" : "conntrack";
|
||||||
push(@{$table->{'rules'}},
|
push(@{$table->{'rules'}},
|
||||||
{ 'chain' => 'INPUT',
|
{ 'chain' => 'INPUT',
|
||||||
'i' => [ "!", $iface ],
|
'i' => [ "!", $iface ],
|
||||||
@ -95,13 +97,13 @@ if ($in{'auto'}) {
|
|||||||
'j' => [ "", 'ACCEPT' ],
|
'j' => [ "", 'ACCEPT' ],
|
||||||
'cmt' => 'Accept traffic with the ACK flag set' },
|
'cmt' => 'Accept traffic with the ACK flag set' },
|
||||||
{ 'chain' => 'INPUT',
|
{ 'chain' => 'INPUT',
|
||||||
'm' => [ [ "", "state" ] ],
|
'm' => [ [ "", $sm ] ],
|
||||||
'state' => [ "", "ESTABLISHED" ],
|
$sd => [ "", "ESTABLISHED" ],
|
||||||
'j' => [ "", 'ACCEPT' ],
|
'j' => [ "", 'ACCEPT' ],
|
||||||
'cmt' => 'Allow incoming data that is part of a connection we established' },
|
'cmt' => 'Allow incoming data that is part of a connection we established' },
|
||||||
{ 'chain' => 'INPUT',
|
{ 'chain' => 'INPUT',
|
||||||
'm' => [ [ "", "state" ] ],
|
'm' => [ [ "", $sm ] ],
|
||||||
'state' => [ "", "RELATED" ],
|
$sd => [ "", "RELATED" ],
|
||||||
'j' => [ "", 'ACCEPT' ],
|
'j' => [ "", 'ACCEPT' ],
|
||||||
'cmt' => 'Allow data that is related to existing connections' },
|
'cmt' => 'Allow data that is related to existing connections' },
|
||||||
{ 'chain' => 'INPUT',
|
{ 'chain' => 'INPUT',
|
||||||
|
|||||||
@ -78,6 +78,8 @@ if ($in{'auto'}) {
|
|||||||
'rules' => [ ],
|
'rules' => [ ],
|
||||||
'defaults' => { } };
|
'defaults' => { } };
|
||||||
$table->{'defaults'}->{'INPUT'} = 'DROP';
|
$table->{'defaults'}->{'INPUT'} = 'DROP';
|
||||||
|
my $sd = &supports_conntrack() ? "ctstate" : "state";
|
||||||
|
my $sm = $sd eq "state" ? "state" : "conntrack";
|
||||||
push(@{$table->{'rules'}},
|
push(@{$table->{'rules'}},
|
||||||
{ 'chain' => 'INPUT',
|
{ 'chain' => 'INPUT',
|
||||||
'i' => [ "!", $iface ],
|
'i' => [ "!", $iface ],
|
||||||
@ -90,13 +92,13 @@ if ($in{'auto'}) {
|
|||||||
'j' => [ "", 'ACCEPT' ],
|
'j' => [ "", 'ACCEPT' ],
|
||||||
'cmt' => 'Accept traffic with the ACK flag set' },
|
'cmt' => 'Accept traffic with the ACK flag set' },
|
||||||
{ 'chain' => 'INPUT',
|
{ 'chain' => 'INPUT',
|
||||||
'm' => [ [ "", "state" ] ],
|
'm' => [ [ "", $sm ] ],
|
||||||
'state' => [ "", "ESTABLISHED" ],
|
$sd => [ "", "ESTABLISHED" ],
|
||||||
'j' => [ "", 'ACCEPT' ],
|
'j' => [ "", 'ACCEPT' ],
|
||||||
'cmt' => 'Allow incoming data that is part of a connection we established' },
|
'cmt' => 'Allow incoming data that is part of a connection we established' },
|
||||||
{ 'chain' => 'INPUT',
|
{ 'chain' => 'INPUT',
|
||||||
'm' => [ [ "", "state" ] ],
|
'm' => [ [ "", $sm ] ],
|
||||||
'state' => [ "", "RELATED" ],
|
$sd => [ "", "RELATED" ],
|
||||||
'j' => [ "", 'ACCEPT' ],
|
'j' => [ "", 'ACCEPT' ],
|
||||||
'cmt' => 'Allow data that is related to existing connections' },
|
'cmt' => 'Allow data that is related to existing connections' },
|
||||||
{ 'chain' => 'INPUT',
|
{ 'chain' => 'INPUT',
|
||||||
|
|||||||
Reference in New Issue
Block a user