On 07.11.21 at 18:40, Frank Lichtenheld wrote:
From: Adrian <adrian.cre...@protonmail.com>
The man page says:
[!] -s, --source address[/mask][,...]
Signed-off-by: Frank Lichtenheld <fr...@lichtenheld.com>
---
sample/sample-config-files/firewall.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
As part of an initiative to clean up the GitHub PR submissions, submitting
this patch to the mailing list for inclusion. Looks obviously correct to
me.
diff --git a/sample/sample-config-files/firewall.sh
b/sample/sample-config-files/firewall.sh
index 19d75ee9..456700ca 100755
--- a/sample/sample-config-files/firewall.sh
+++ b/sample/sample-config-files/firewall.sh
@@ -50,7 +50,7 @@ iptables -A OUTPUT -p tcp --sport 137:139 -o eth0 -j DROP
iptables -A OUTPUT -p udp --sport 137:139 -o eth0 -j DROP
# Check source address validity on packets going out to internet
-iptables -A FORWARD -s ! $PRIVATE -i eth1 -j DROP
+iptables -A FORWARD ! -s $PRIVATE -i eth1 -j DROP
# Allow local loopback
iptables -A INPUT -s $LOOP -j ACCEPT
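Review bot: On the changed FORWARD rule, the commit message gives only the man page synopsis `[!] -s, --source address[/mask][,...]` and does not say whether moving `!` in front of `-s` changes what the rule matches or only how it is spelled. A sentence in the commit message stating the intended match (drop packets arriving on eth1 whose source address is not in $PRIVATE) would let a reader confirm the new form expresses it. The diffstat shows a single changed line, so it is also worth checking that no other rule in firewall.sh still uses the `-s ! address` form.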
I have a vague idea that this is actually different. Like one is that
condition is not fulfilled and the other is that it is not part of the
subnet if is different when there is different protocol but I might
misremember.
Arne