ocserv-fw should send all traffic to the device-specific forwarding chain

After adding port-specific rules to FORWARD and creating SEC_FORWARD_CHAIN
with route-specific rules, send any remaining FORWARD traffic to
SEC_FORWARD_CHAIN.
John Thiltges
2017-01-09 15:45:22 -06:00
parent fa65740a4c
commit 7e3c628785

@@ -270,6 +270,10 @@ else
iptables -A ${SEC_FORWARD_CHAIN} -i ${DEVICE} -j ACCEPT -m comment --comment "${COMMENT}"
fi
# send traffic to the route chain
iptables -A FORWARD -i ${DEVICE} -j ${SEC_FORWARD_CHAIN} --match comment --comment "${COMMENT}"
ip6tables -A FORWARD -i ${DEVICE} -j ${SEC_FORWARD_CHAIN} --match comment --comment "${COMMENT}"
execute_next_script
exit 0
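
Review bot: the two new jump rules appended to FORWARD are followed directly by `execute_next_script` and `exit 0`, so unless the script runs under `set -e` (not visible in these lines) a failed `iptables` or `ip6tables` call goes unnoticed and the script still reports success. In that case traffic arriving on `${DEVICE}` never reaches `${SEC_FORWARD_CHAIN}` and is decided by whatever else is in FORWARD, which is the situation this change is meant to prevent. Consider checking each command's exit status and exiting non-zero on failure. The `ip6tables` rule also jumps to `${SEC_FORWARD_CHAIN}`, while the context above only shows that chain being populated with `iptables`; please confirm the chain is created for IPv6 as well, since a jump to a chain that does not exist in the ip6tables table will fail. Minor: `${DEVICE}` and `${SEC_FORWARD_CHAIN}` are unquoted while `"${COMMENT}"` is quoted, and the new lines use `--match comment` where the line above uses `-m comment`; quoting both variables and using one spelling would keep the block consistent.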