From 1c31d9dc831c6ed564a4449d9550a22bde5ba9fc Mon Sep 17 00:00:00 2001
From: Christoph <ckubu@oopen.de>
Date: Fri, 5 Oct 2018 13:40:54 +0200
Subject: [PATCH] Fix error in applying PowerChute Network Shutdown rules.

---
 ip6t-firewall-gateway | 1 +
 ipt-firewall-gateway  | 2 ++
 2 files changed, 3 insertions(+)

diff --git a/ip6t-firewall-gateway b/ip6t-firewall-gateway
index 76b203d..cfdb4ea 100755
--- a/ip6t-firewall-gateway
+++ b/ip6t-firewall-gateway
@@ -2841,6 +2841,7 @@ if [[ ${#pcns_server_ip_arr[@]} -gt 0 ]] && [[ -n "$usv_ip" ]] ; then
 
    for _ip in ${pcns_server_ip_arr[@]} ; do
       if containsElement "$_ip" "${gateway_ipv6_address_arr[@]}" ; then
+         $ip6t -A OUTPUT -p tcp -s $_ip -d $usv_ip -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
          $ip6t -A INPUT -p tcp -s $usv_ip --dport $pcns_tcp_port -m conntrack --ctstate NEW -j ACCEPT
          $ip6t -A INPUT -p udp -s $usv_ip --dport $pcns_udp_port -m conntrack --ctstate NEW -j ACCEPT
          $ip6t -A INPUT -p tcp --dport $pcns_web_port -m conntrack --ctstate NEW -j ACCEPT
diff --git a/ipt-firewall-gateway b/ipt-firewall-gateway
index ccbd2e5..cb7c4f0 100755
--- a/ipt-firewall-gateway
+++ b/ipt-firewall-gateway
@@ -3554,12 +3554,14 @@ if [[ ${#pcns_server_ip_arr[@]} -gt 0 ]] && [[ -n "$usv_ip" ]] ; then
 
    for _ip in ${pcns_server_ip_arr[@]} ; do
       if containsElement "$_ip" "${gateway_ipv4_address_arr[@]}" ; then
+         $ipt -A OUTPUT -p tcp -s $_ip -d $usv_ip -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
          $ipt -A INPUT -p tcp -s $usv_ip --dport $pcns_tcp_port -m conntrack --ctstate NEW -j ACCEPT
          $ipt -A INPUT -p udp -s $usv_ip --dport $pcns_udp_port -m conntrack --ctstate NEW -j ACCEPT
          $ipt -A INPUT -p tcp --dport $pcns_web_port -m conntrack --ctstate NEW -j ACCEPT
       fi
 
       if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         $ipt -A FORWARD -p tcp -s $_ip -d $usv_ip -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
          $ipt -A FORWARD -p tcp -s $usv_ip -d $_ip --dport $pcns_tcp_port -m conntrack --ctstate NEW -j ACCEPT
          $ipt -A FORWARD -p udp -s $usv_ip -d $_ip --dport $pcns_udp_port -m conntrack --ctstate NEW -j ACCEPT
          $ipt -A FORWARD -p tcp -d $_ip --dport $pcns_web_port -m conntrack --ctstate NEW -j ACCEPT