Advertisement
Peaceseeker

conntrack_fix.patch

Nov 2nd, 2012
108
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 0.84 KB | None | 0 0
  1. --- a/ipblock 2010-10-23 07:54:30.000000000 +0100
  2. +++ b/ipblock 2012-11-02 17:08:57.568379144 +0000
  3. @@ -43,7 +43,7 @@
  4. BLOCK_TARGET_MARK=0xffff
  5.  
  6. NICE=-5
  7. -NEW="-m state --state NEW"
  8. +NEW="-m conntrack --ctstate NEW"
  9.  
  10. GUI_LOG_FILE="/tmp/ipblockUI.log"
  11.  
  12. --- a/iplist.8 2010-10-23 07:54:30.000000000 +0100
  13. +++ b/iplist.8 2012-11-02 17:11:08.961306777 +0000
  14. @@ -146,9 +146,9 @@
  15. would block in- and outcoming packets that attempt to establish
  16. a new conncection.
  17.  
  18. -#> iptables -I INPUT -p tcp -m state --state NEW --dport 6991:6999 -j NFQUEUE
  19. +#> iptables -I INPUT -p tcp -m conntrack --ctstate NEW --dport 6991:6999 -j NFQUEUE
  20. .br
  21. -#> iptables -I OUTPUT -p tcp -m state --state NEW --sport 6991:6999 -j NFQUEUE
  22. +#> iptables -I OUTPUT -p tcp -m conntrack --ctstate NEW --sport 6991:6999 -j NFQUEUE
  23.  
  24. Then iplist can be started like this
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement