# HG changeset patch # User Michiel Broek # Date 1429434802 -7200 # Node ID c8e957eb1b36b8f57f3d9c50ccd3b1a6534be227 # Parent c846ebedfff3b092c3ba8bc83020ab702ee03060 Hosts blocked by the ipset global tables are now stateless blocked. Version 0.0.19. diff -r c846ebedfff3 -r c8e957eb1b36 sbin/mbse-firewall --- a/sbin/mbse-firewall Mon Apr 13 17:22:53 2015 +0200 +++ b/sbin/mbse-firewall Sun Apr 19 11:13:22 2015 +0200 @@ -22,7 +22,7 @@ # Software Foundation, 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. # --------------------------------------------------------------------------- -MBSEFW_VERSION="0.0.18" +MBSEFW_VERSION="0.0.19" # Sanity checks if [ "$(id -u)" != "0" ]; then @@ -278,9 +278,9 @@ # If we use the global blocktables. if [ "$IF_EXT_GLOBAL_BLOCK" == "1" ]; then - $IPTABLES -A INPUT -i $IF_EXT -m state --state NEW -m set --match-set global-blk4 src -j DROP + $IPTABLES -A INPUT -i $IF_EXT -m set --match-set global-blk4 src -j DROP if [ "$FW_FORWARD" = "1" ]; then - $IPTABLES -A FORWARD -i $IF_EXT -m state --state NEW -m set --match-set global-blk4 src -j DROP + $IPTABLES -A FORWARD -i $IF_EXT -m set --match-set global-blk4 src -j DROP fi if [ "$USE_IPV6" == "1" ]; then if [ -n "$IF_EXT6" ]; then @@ -288,9 +288,9 @@ else IF6=$IF_EXT fi - $IP6TABLES -A INPUT -i $IF6 -m state --state NEW -m set --match-set global-blk6 src -j DROP + $IP6TABLES -A INPUT -i $IF6 -m set --match-set global-blk6 src -j DROP if [ "$FW_FORWARD" = "1" ]; then - $IP6TABLES -A FORWARD -i $IF6 -m state --state NEW -m set --match-set global-blk6 src -j DROP + $IP6TABLES -A FORWARD -i $IF6 -m set --match-set global-blk6 src -j DROP fi fi echo -n "."