Skip to content

Commit 2ecbebb

Browse files
acvacv
committed
Some rules weren't being run.
1 parent af4b5ce commit 2ecbebb

File tree

1 file changed

+10
-2
lines changed

1 file changed

+10
-2
lines changed

src/fw_iptables.c

Lines changed: 10 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -606,14 +606,22 @@ iptables_fw_access_host(fw_access_t type, const char *host)
606606
int
607607
iptables_fw_auth_unreachable(int tag)
608608
{
609-
return iptables_do_command("-t mangle -A " CHAIN_AUTH_IS_DOWN " -j MARK --set-mark 0x%u", tag);
609+
int got_authdown_ruleset = NULL == get_ruleset(FWRULESET_AUTH_IS_DOWN) ? 0 : 1;
610+
if (got_authdown_ruleset)
611+
return iptables_do_command("-t mangle -A " CHAIN_AUTH_IS_DOWN " -j MARK --set-mark 0x%u", tag);
612+
else
613+
return 1;
610614
}
611615

612616
/** Remove mark when auth server is reachable again */
613617
int
614618
iptables_fw_auth_reachable(void)
615619
{
616-
return iptables_do_command("-t mangle -F " CHAIN_AUTH_IS_DOWN);
620+
int got_authdown_ruleset = NULL == get_ruleset(FWRULESET_AUTH_IS_DOWN) ? 0 : 1;
621+
if (got_authdown_ruleset)
622+
return iptables_do_command("-t mangle -F " CHAIN_AUTH_IS_DOWN);
623+
else
624+
return 1;
617625
}
618626

619627
/** Update the counters of all the clients in the client list */

0 commit comments

Comments
 (0)