diff options
| author | Simon Rettberg | 2024-01-30 15:26:50 +0100 |
|---|---|---|
| committer | Simon Rettberg | 2024-01-30 15:26:50 +0100 |
| commit | cf7b7d9f269856893bb799305673ba348cbe8c27 (patch) | |
| tree | ab7d6b748131c62aa1035ac9d862896b210edfab | |
| parent | [vmware-common] Simplify (diff) | |
| download | mltk-cf7b7d9f269856893bb799305673ba348cbe8c27.tar.gz mltk-cf7b7d9f269856893bb799305673ba348cbe8c27.tar.xz mltk-cf7b7d9f269856893bb799305673ba348cbe8c27.zip | |
[run-virt] Use tcp-reset for TCP firewalling
| -rw-r--r-- | core/modules/run-virt/data/opt/openslx/vmchooser/scripts/set-firewall | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/core/modules/run-virt/data/opt/openslx/vmchooser/scripts/set-firewall b/core/modules/run-virt/data/opt/openslx/vmchooser/scripts/set-firewall index 111c4662..ed10fbc8 100644 --- a/core/modules/run-virt/data/opt/openslx/vmchooser/scripts/set-firewall +++ b/core/modules/run-virt/data/opt/openslx/vmchooser/scripts/set-firewall @@ -166,25 +166,28 @@ while read -r DIR DEST PORT ACTION GARBAGE || [ -n "$DIR" ]; do IPLINE2+=" --dport $PORT" fi IPLINE2+=" -j $ACTION" + with= + [ "$ACTION" = "REJECT" ] && with="--reject-with tcp-reset" # IPv6? if ! [[ $DEST =~ $V4 ]]; then if [ "$PORT" = 0 ]; then + [ -n "$with" ] && ip6tables $IPLINE1 -p tcp $IPLINE2 $with ip6tables $IPLINE1 $IPLINE2 else - ip6tables $IPLINE1 -p tcp $IPLINE2 + ip6tables $IPLINE1 -p tcp $IPLINE2 $with ip6tables $IPLINE1 -p udp $IPLINE2 fi fi # IPv4 if ! [[ $DEST =~ $V6 ]]; then if [ "$PORT" = 0 ]; then + [ -n "$with" ] && iptables $IPLINE1 -p tcp $IPLINE2 $with iptables $IPLINE1 $IPLINE2 else - iptables $IPLINE1 -p tcp $IPLINE2 + iptables $IPLINE1 -p tcp $IPLINE2 $with iptables $IPLINE1 -p udp $IPLINE2 fi fi done < "$RULES" exit 0 - |