vikarti.anatra/safing-portmaster
1
0
Fork 0
mirror of https://github.com/safing/portmaster synced 2025-09-02 02:29:12 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Merge pull request #237 from safing/fix/nfq-abort-start

Browse source 
Fix nfq abort start
This commit is contained in:
Daniel 2021-01-25 16:50:51 +01:00 committed by GitHub
commit cad957bae0
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 6 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
firewall/interception/nfq/nfq.go
View file

@ -216,6 +216,10 @@ func (q *Queue) packetHandler(ctx context.Context) func(nfqueue.Attribute) int {
// Destroy destroys the queue. Any error encountered is logged.
func (q *Queue) Destroy() {
if q == nil {
return
}
q.cancelSocketCallback()
if nf := q.getNfq(); nf != nil {

4
firewall/interception/nfqueue_linux.go
View file

@ -103,12 +103,12 @@ func init() {
"filter C17 -m mark --mark 0 -j DROP",
"filter C17 -m mark --mark 1700 -j RETURN",
"filter C17 -m mark --mark 1701 -p icmp6 -j RETURN",
"filter C17 -m mark --mark 1701 -p icmpv6 -j RETURN",
"filter C17 -m mark --mark 1701 -j REJECT --reject-with icmp6-adm-prohibited",
"filter C17 -m mark --mark 1702 -j DROP",
"filter C17 -j CONNMARK --save-mark",
"filter C17 -m mark --mark 1710 -j RETURN",
"filter C17 -m mark --mark 1711 -p icmp6 -j RETURN",
"filter C17 -m mark --mark 1711 -p icmpv6 -j RETURN",
"filter C17 -m mark --mark 1711 -j REJECT --reject-with icmp6-adm-prohibited",
"filter C17 -m mark --mark 1712 -j DROP",
"filter C17 -m mark --mark 1717 -j RETURN",