On 07/11/2021 18:40, Frank Lichtenheld wrote:
From: Adrian <adrian.cre...@protonmail.com>The man page says: [!] -s, --source address[/mask][,...] Signed-off-by: Frank Lichtenheld <fr...@lichtenheld.com> --- sample/sample-config-files/firewall.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) As part of an initiative to clean up the GitHub PR submissions, submitting this patch to the mailing list for inclusion. Looks obviously correct to me. diff --git a/sample/sample-config-files/firewall.sh b/sample/sample-config-files/firewall.sh index 19d75ee9..456700ca 100755 --- a/sample/sample-config-files/firewall.sh +++ b/sample/sample-config-files/firewall.sh @@ -50,7 +50,7 @@ iptables -A OUTPUT -p tcp --sport 137:139 -o eth0 -j DROP iptables -A OUTPUT -p udp --sport 137:139 -o eth0 -j DROP# Check source address validity on packets going out to internet-iptables -A FORWARD -s ! $PRIVATE -i eth1 -j DROP +iptables -A FORWARD ! -s $PRIVATE -i eth1 -j DROP# Allow local loopbackiptables -A INPUT -s $LOOP -j ACCEPT
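Review bot: on the changed FORWARD rule, the commit message gives only the man page synopsis `[!] -s, --source address[/mask][,...]` and never says what was wrong with `-s ! $PRIVATE`; add one sentence stating that the negation has to precede the option, so the reason for the change is clear from the log alone. The hunk touches a single rule, so it is also worth confirming that no other rule in firewall.sh still places `!` after `-s` or another match option, since only the lines around line 50 are visible here.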
This change makes sense to me. The syntax changed ages ago for iptables, where the negation needed to happen first.
Acked-By: David Sommerseth <dav...@openvpn.net>

--
kind regards,

David Sommerseth
OpenVPN Inc