diff --git a/ip6t-firewall-server b/ip6t-firewall-server
index 3e6c30a..b0a1f96 100755
--- a/ip6t-firewall-server
+++ b/ip6t-firewall-server
@@ -671,11 +671,11 @@ echo_done
 # ---
 echononl "\tPermit all traffic through VPN lines.."
 for _vpn_if in ${vpn_if_arr[@]} ; do
- $ip6t -A INPUT -i $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
- $ip6t -A OUTPUT -o $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+ $ip6t -A INPUT -i $_vpn_if -m state --state NEW -j ACCEPT
+ $ip6t -A OUTPUT -o $_vpn_if -m state --state NEW -j ACCEPT
 if $kernel_forward_between_interfaces ; then
- $ip6t -A FORWARD -i $_vpn_if -j ACCEPT
- $ip6t -A FORWARD -o $_vpn_if -j ACCEPT
+ $ip6t -A FORWARD -i $_vpn_if -m state --state NEW -j ACCEPT
+ $ip6t -A FORWARD -o $_vpn_if -m state --state NEW -j ACCEPT
 fi
 done
 echo_done
@@ -696,7 +696,7 @@ if [[ ${#restrict_local_service_to_net_arr[@]} -gt 0 ]] ; then
 IFS=',' read -a _val_arr <<< "${_val}"
 for _dev in ${ext_if_arr[@]} ; do
- $ip6t -A INPUT -i $_dev -p ${_val_arr[3]} -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -m conntrack --ctstate NEW -j ACCEPT
+ $ip6t -A INPUT -i $_dev -p ${_val_arr[3]} -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -m state --state NEW -j ACCEPT
 if ! containsElement "${_dev},${_val_arr[1]},${_val_arr[2]},${_val_arr[3]}" "${_deny_service_arr[@]}" ; then
 _deny_service_arr+=("${_dev},${_val_arr[1]},${_val_arr[2]},${_val_arr[3]}")
@@ -728,7 +728,7 @@ if [[ ${#restrict_local_net_to_net_arr[@]} -gt 0 ]] ; then
 for _val in "${restrict_local_net_to_net_arr[@]}" ; do
 IFS=',' read -a _val_arr <<< "${_val}"
 for _dev in ${ext_if_arr[@]} ; do
- $ip6t -A INPUT -i $_dev -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+ $ip6t -A INPUT -i $_dev -s ${_val_arr[0]} -d ${_val_arr[1]} -m state --state NEW -j ACCEPT
 if ! containsElement "${_dev},${_val_arr[1]}" "${_deny_net_arr[@]}" ; then
 _deny_net_arr+=("${_dev},${_val_arr[1]}")
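Review bot: The two new FORWARD rules in the -671 hunk accept only `--state NEW`, whereas the removed lines accepted every packet on the VPN interface, so forwarded VPN flows now depend on a FORWARD rule for `ESTABLISHED,RELATED` that must precede this loop. That rule is outside the hunk, so it should be confirmed here and in the parallel `ipt-firewall-server` hunk at -951, which makes the same change. None of the `$ip6t` calls in this loop check their exit status, so `echo_done` is printed even when a rule was rejected, which can leave a partial ruleset with no visible error unless the script runs under `set -e`, which this hunk does not show; appending `|| exit 1` to each rule, or whatever error helper the script already provides, would surface that. Since `-m state` is the older spelling of `-m conntrack --ctstate` (documented by iptables as obsolete), a one-line comment above the loop stating why it is used, e.g. `# '-m state' instead of '-m conntrack': required for <placeholder: target kernel/iptables version>`, would keep a later maintainer from reverting it.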
diff --git a/ipt-firewall-server b/ipt-firewall-server
index 4e6223f..13551be 100755
--- a/ipt-firewall-server
+++ b/ipt-firewall-server
@@ -951,11 +951,11 @@ echo_done
 # ---
 echononl "\tPermit all traffic through VPN lines.."
 for _vpn_if in ${vpn_if_arr[@]} ; do
- $ipt -A INPUT -i $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
- $ipt -A OUTPUT -o $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+ $ipt -A INPUT -i $_vpn_if -m state --state NEW -j ACCEPT
+ $ipt -A OUTPUT -o $_vpn_if -m state --state NEW -j ACCEPT
 if $kernel_activate_forwarding ; then
- $ipt -A FORWARD -i $_vpn_if -j ACCEPT
- $ipt -A FORWARD -o $_vpn_if -j ACCEPT
+ $ipt -A FORWARD -i $_vpn_if -m state --state NEW -j ACCEPT
+ $ipt -A FORWARD -o $_vpn_if -m state --state NEW -j ACCEPT
 fi
 done
 echo_done
@@ -976,7 +976,7 @@ if [[ ${#restrict_local_service_to_net_arr[@]} -gt 0 ]] ; then
 IFS=':' read -a _val_arr <<< "${_val}"
 for _dev in ${ext_if_arr[@]} ; do
- $ipt -A INPUT -i $_dev -p ${_val_arr[3]} -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -m conntrack --ctstate NEW -j ACCEPT
+ $ipt -A INPUT -i $_dev -p ${_val_arr[3]} -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -m state --state NEW -j ACCEPT
 if ! containsElement "${_dev}:${_val_arr[1]}:${_val_arr[2]}:${_val_arr[3]}" "${_deny_service_arr[@]}" ; then
 _deny_service_arr+=("${_dev}:${_val_arr[1]}:${_val_arr[2]}:${_val_arr[3]}")
@@ -1009,7 +1009,7 @@ if [[ ${#restrict_local_net_to_net_arr[@]} -gt 0 ]] ; then
 for _val in "${restrict_local_net_to_net_arr[@]}" ; do
 IFS=':' read -a _val_arr <<< "${_val}"
 for _dev in ${ext_if_arr[@]} ; do
- $ipt -A INPUT -i $_dev -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+ $ipt -A INPUT -i $_dev -s ${_val_arr[0]} -d ${_val_arr[1]} -m state --state NEW -j ACCEPT
 if ! containsElement "${_dev}:${_val_arr[1]}" "${_deny_net_arr[@]}" ; then
 _deny_net_arr+=("${_dev}:${_val_arr[1]}")