Verified Commit dfc2ec4b authored by Karel Koci's avatar Karel Koci 🤘

Merge branch 'hotfix/sentinel-dynfw' into develop

parents a1bf2b78 e7b669ff
......@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=sentinel-dynfw-client
PKG_VERSION:=1.4.0
PKG_RELEASE:=1
PKG_RELEASE:=2
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://gitlab.nic.cz/turris/sentinel/dynfw-client.git
......
......@@ -3,6 +3,10 @@ set -e
. "${0%/*}/common.sh"
. /lib/functions.sh
IPSET="turris-sn-dynfw-block"
# Always create IP set to prevent iptables error about missing ipset.
ipset create "$IPSET" hash:ip -exist
dynfw_block() {
local config_section="$1"
......@@ -22,7 +26,7 @@ dynfw_block() {
[ "${chain}" == "input" ] && bypass_mark="-m mark ! --mark 0x10/0x10"
iptables_drop "${zone}" "${chain}" \
-m set --match-set 'turris-sn-dynfw-block' src \
-m set --match-set "$IPSET" src \
${bypass_mark} \
-m conntrack --ctstate NEW \
-m comment --comment "!sentinel: dynamic firewall block"
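Review bot: The added `ipset create "$IPSET" hash:ip -exist` line tolerates an existing set only when its type and create options are identical to the ones given here. If the dynfw client creates `turris-sn-dynfw-block` with other options (a timeout or a different set type; its side is not shown on this page), the command fails, and because the script runs under `set -e` it exits before `dynfw_block` installs any drop rule, leaving the block list unenforced. I would record that contract in the comment, e.g. `# Type and options must match the set created by sentinel-dynfw-client; -exist does not cover a mismatch.`, and make the abort attributable with `ipset create "$IPSET" hash:ip -exist || { echo "dynfw: cannot create ipset $IPSET" >&2; exit 1; }`. The body of `dynfw_block` continues outside the shown hunks.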
......