From cf7b7d9f269856893bb799305673ba348cbe8c27 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Tue, 30 Jan 2024 15:26:50 +0100
Subject: [run-virt] Use tcp-reset for TCP firewalling
---
 .../run-virt/data/opt/openslx/vmchooser/scripts/set-firewall | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
(limited to 'core')
diff --git a/core/modules/run-virt/data/opt/openslx/vmchooser/scripts/set-firewall b/core/modules/run-virt/data/opt/openslx/vmchooser/scripts/set-firewall
index 111c4662..ed10fbc8 100644
--- a/core/modules/run-virt/data/opt/openslx/vmchooser/scripts/set-firewall
+++ b/core/modules/run-virt/data/opt/openslx/vmchooser/scripts/set-firewall
@@ -166,25 +166,28 @@ while read -r DIR DEST PORT ACTION GARBAGE || [ -n "$DIR" ]; do
 IPLINE2+=" --dport $PORT"
 fi
 IPLINE2+=" -j $ACTION"
+ with=
+ [ "$ACTION" = "REJECT" ] && with="--reject-with tcp-reset"
 # IPv6?
 if ! [[ $DEST =~ $V4 ]]; then
 if [ "$PORT" = 0 ]; then
+ [ -n "$with" ] && ip6tables $IPLINE1 -p tcp $IPLINE2 $with
 ip6tables $IPLINE1 $IPLINE2
 else
- ip6tables $IPLINE1 -p tcp $IPLINE2
+ ip6tables $IPLINE1 -p tcp $IPLINE2 $with
 ip6tables $IPLINE1 -p udp $IPLINE2
 fi
 fi
 # IPv4
 if ! [[ $DEST =~ $V6 ]]; then
 if [ "$PORT" = 0 ]; then
+ [ -n "$with" ] && iptables $IPLINE1 -p tcp $IPLINE2 $with
 iptables $IPLINE1 $IPLINE2
 else
- iptables $IPLINE1 -p tcp $IPLINE2
+ iptables $IPLINE1 -p tcp $IPLINE2 $with
 iptables $IPLINE1 -p udp $IPLINE2
 fi
 fi
 done < "$RULES"
 exit 0
-
-- cgit v1.2.3-55-g7522
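Review bot: The tcp-reset rule added in the PORT=0 branches (`[ -n "$with" ] && ip6tables $IPLINE1 -p tcp $IPLINE2 $with`, and its iptables twin) only shadows the protocol-agnostic `ip6tables $IPLINE1 $IPLINE2` that follows it if both rules are appended in that order; $IPLINE1 is built outside the hunk, and if it uses `-I` rather than `-A` the generic REJECT is evaluated first and the TCP-specific rule is never reached, so that ordering is worth confirming. A short comment above `with=` would spare the next reader the reasoning, e.g. `# REJECT TCP with a RST so clients fail fast instead of waiting on ICMP unreachable; --reject-with tcp-reset is only valid with -p tcp, hence the extra rule when PORT=0`. The `[ -n "$with" ] && cmd` form also takes the ip(6)tables call out of any `set -e` coverage the script may have, which is consistent with the other unchecked calls in this loop but means a rejected rule is silently skipped. The enclosing while loop starts before the hunk.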