From e61f075d97e01bdc37df91b6e7be88385584df4b Mon Sep 17 00:00:00 2001
From: Dengfeng Liu
Date: Thu, 26 Sep 2024 15:58:50 +0800
Subject: [PATCH] fix: when deny a client, delete its both src and dst connection

Signed-off-by: Dengfeng Liu
---
 src/fw4_nft.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/fw4_nft.c b/src/fw4_nft.c
index 1480c5c2..3e19c426 100644
--- a/src/fw4_nft.c
+++ b/src/fw4_nft.c
@@ -101,6 +101,7 @@ const char *nft_wifidogx_init_script[] = {
 "add rule inet fw4 forward_wifidogx_wan meta mark 0x10000 accept",
 "add rule inet fw4 forward_wifidogx_wan meta mark 0x20000 accept",
 "add rule inet fw4 forward_wifidogx_wan jump forward_wifidogx_unknown",
+ "add rule inet fw4 forward_wifidogx_unkown jump handle_reject",
 "add rule inet fw4 forward_wifidogx_auth_servers ip daddr @set_wifidogx_auth_servers accept",
 "add rule inet fw4 forward_wifidogx_auth_servers ip6 daddr @set_wifidogx_auth_servers_v6 accept",
 "add rule inet fw4 forward_wifidogx_trust_domains ip daddr @set_wifidogx_trust_domains accept",
@@ -111,13 +112,13 @@ const char *nft_wifidogx_init_script[] = {
 };

 const char *nft_wifidogx_dhcp_pass_script[] = {
- "add rule inet fw4 forward_wifidogx_unknown udp dport 67 accept",
- "add rule inet fw4 forward_wifidogx_unknown tcp dport 67 accept",
+ "insert rule inet fw4 forward_wifidogx_unknown udp dport 67 accept",
+ "insert rule inet fw4 forward_wifidogx_unknown tcp dport 67 accept",
 };

 const char *nft_wifidogx_dns_pass_script[] = {
- "add rule inet fw4 forward_wifidogx_unknown udp dport 53 accept",
- "add rule inet fw4 forward_wifidogx_unknown tcp dport 53 accept",
+ "insert rule inet fw4 forward_wifidogx_unknown udp dport 53 accept",
+ "insert rule inet fw4 forward_wifidogx_unknown tcp dport 53 accept",
 };

 const char *nft_wifidogx_dhcp_redirect_script[] = {
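Review bot: The rule added to `nft_wifidogx_init_script` names the chain `forward_wifidogx_unkown`, while every neighbouring rule, including the jump on the line just above it, uses `forward_wifidogx_unknown`. Unless a chain with the misspelled name is created outside this hunk, the command will not attach to the intended chain, so the terminal reject for unauthenticated clients is never installed and traffic that matches no accept rule returns from `forward_wifidogx_unknown` instead of being rejected. The line should read `"add rule inet fw4 forward_wifidogx_unknown jump handle_reject",`. Since a failure here leaves the portal open rather than closed, it is also worth confirming that the code executing this array checks the result of each nft command; the array begins and ends outside the hunk, so that cannot be verified from here.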
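Review bot: The switch from `add` to `insert` in `nft_wifidogx_dhcp_pass_script` and `nft_wifidogx_dns_pass_script` carries an undocumented ordering requirement. These accept rules only take effect if they sit ahead of the `jump handle_reject` that the init script now appends to the same chain. A comment above each array would keep a later edit from reverting to `add`, for example `/* insert, not add: must precede the terminal jump handle_reject appended by nft_wifidogx_init_script */`. Separately, the rules accept port 53 and 67 to any destination before authentication; if only the gateway's resolver is meant to be reachable, narrowing the match would limit what unauthenticated clients can send through these ports.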