Reviewed-by: Michael Tremer michael.tremer@ipfire.org
On 14 Feb 2022, at 18:42, Stefan Schantl stefan.schantl@ipfire.org wrote:
It is required to get rid of all ipset based rules before all of the loaded ipset lists can be destroyed.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
config/firewall/rules.pl | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl
index 9d280045a..f685d08a7 100644
--- a/config/firewall/rules.pl
+++ b/config/firewall/rules.pl
@@ -186,6 +186,9 @@ sub flush {
 run("$IPTABLES -t nat -F $CHAIN_NAT_SOURCE");
 run("$IPTABLES -t nat -F $CHAIN_NAT_DESTINATION");
 run("$IPTABLES -t mangle -F $CHAIN_MANGLE_NAT_DESTINATION_FIX");
- # Flush LOCATIONBLOCK chain.
- run("$IPTABLES -F LOCATIONBLOCK");
}
sub buildrules {
@@ -638,8 +641,7 @@ sub p2pblock {
 }
sub locationblock {
- # Flush iptables chain.
- run("$IPTABLES -F LOCATIONBLOCK");
# The LOCATIONBLOCK chain now gets flushed by the flush() function.
# If location blocking is not enabled, we are finished here.
 if ($locationsettings{'LOCATIONBLOCK_ENABLED'} ne "on") {
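Review bot: locationblock() no longer empties LOCATIONBLOCK itself, so it is only correct when flush() has run before it; if it is ever called on its own, rules would presumably be appended to an already populated chain. The replacement comment should state that dependency and its reason rather than the history, e.g. `# flush() must have emptied LOCATIONBLOCK before this runs: ipset-based rules have to be gone before the sets can be destroyed.` Because the chain is now emptied earlier, in flush() (first hunk), location blocking appears to be inactive from that point until this function repopulates the chain, so it is worth confirming that this window is acceptable. The body of locationblock() continues outside the hunk.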
-- 2.30.2