From a30287014ca885aa2239284785cb6ffd17f70ddf Mon Sep 17 00:00:00 2001 From: Daniel Date: Sat, 23 Jan 2021 14:47:08 +0100 Subject: [PATCH 1/2] Fix nil check for nil value interfaces --- firewall/interception/nfq/nfq.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/firewall/interception/nfq/nfq.go b/firewall/interception/nfq/nfq.go index f4f0fe99..b22e125a 100644 --- a/firewall/interception/nfq/nfq.go +++ b/firewall/interception/nfq/nfq.go @@ -216,6 +216,10 @@ func (q *Queue) packetHandler(ctx context.Context) func(nfqueue.Attribute) int { // Destroy destroys the queue. Any error encountered is logged. func (q *Queue) Destroy() { + if q == nil { + return + } + q.cancelSocketCallback() if nf := q.getNfq(); nf != nil { From d9483e625127a9eaede41c8edbbbc1ed86185429 Mon Sep 17 00:00:00 2001 From: Daniel Date: Sat, 23 Jan 2021 14:47:44 +0100 Subject: [PATCH 2/2] Fix imcpv6 protocol name --- firewall/interception/nfqueue_linux.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/firewall/interception/nfqueue_linux.go b/firewall/interception/nfqueue_linux.go index 11ce9d9c..31a7f66b 100644 --- a/firewall/interception/nfqueue_linux.go +++ b/firewall/interception/nfqueue_linux.go @@ -103,12 +103,12 @@ func init() { "filter C17 -m mark --mark 0 -j DROP", "filter C17 -m mark --mark 1700 -j RETURN", - "filter C17 -m mark --mark 1701 -p icmp6 -j RETURN", + "filter C17 -m mark --mark 1701 -p icmpv6 -j RETURN", "filter C17 -m mark --mark 1701 -j REJECT --reject-with icmp6-adm-prohibited", "filter C17 -m mark --mark 1702 -j DROP", "filter C17 -j CONNMARK --save-mark", "filter C17 -m mark --mark 1710 -j RETURN", - "filter C17 -m mark --mark 1711 -p icmp6 -j RETURN", + "filter C17 -m mark --mark 1711 -p icmpv6 -j RETURN", "filter C17 -m mark --mark 1711 -j REJECT --reject-with icmp6-adm-prohibited", "filter C17 -m mark --mark 1712 -j DROP", "filter C17 -m mark --mark 1717 -j RETURN",