vikarti.anatra/safing-portmaster
1
0
Fork 0
mirror of https://github.com/safing/portmaster synced 2025-09-14 16:59:40 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fix connection blocking on Linux

Browse source
This commit is contained in:
Daniel 2020-11-06 08:53:07 +01:00
parent 224ae219da
commit 28bb8ec6ca
2 changed files with 20 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

8
firewall/interception/nfqueue_linux.go
View file

@ -60,10 +60,18 @@ func init() {
"filter C17 -m mark --mark 0 -j DROP",
"filter C17 -m mark --mark 1700 -j RETURN",
// Accepting ICMP packets with mark 1701 is required for rejecting to work,
// as the rejection ICMP packet will have the same mark. Blocked ICMP
// packets will always result in a drop within the Portmaster.
"filter C17 -m mark --mark 1701 -p icmp -j RETURN",
"filter C17 -m mark --mark 1701 -j REJECT --reject-with icmp-host-prohibited",
"filter C17 -m mark --mark 1702 -j DROP",
"filter C17 -j CONNMARK --save-mark",
"filter C17 -m mark --mark 1710 -j RETURN",
// Accepting ICMP packets with mark 1711 is required for rejecting to work,
// as the rejection ICMP packet will have the same mark. Blocked ICMP
// packets will always result in a drop within the Portmaster.
"filter C17 -m mark --mark 1711 -p icmp -j RETURN",
"filter C17 -m mark --mark 1711 -j REJECT --reject-with icmp-host-prohibited",
"filter C17 -m mark --mark 1712 -j DROP",
"filter C17 -m mark --mark 1717 -j RETURN",