github/portmaster
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Fix connection blocking on Linux

Browse Source
This commit is contained in:
Daniel
2020-11-06 08:53:07 +01:00
parent 224ae219da
commit 28bb8ec6ca
2 changed files with 20 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
firewall/interception/nfq/packet.go
View File

@@ -122,6 +122,12 @@ func (pkt *packet) Accept() error {
}
func (pkt *packet) Block() error {
if pkt.Info().Protocol == pmpacket.ICMP {
// ICMP packets attributed to a blocked connection are always allowed, as
// rejection ICMP packets will have the same mark as the blocked
// connection. This is why we need to drop blocked ICMP packets instead.
return pkt.mark(MarkDrop)
}
return pkt.mark(MarkBlock)
}
@@ -134,6 +140,12 @@ func (pkt *packet) PermanentAccept() error {
}
func (pkt *packet) PermanentBlock() error {
if pkt.Info().Protocol == pmpacket.ICMP {
// ICMP packets attributed to a blocked connection are always allowed, as
// rejection ICMP packets will have the same mark as the blocked
// connection. This is why we need to drop blocked ICMP packets instead.
return pkt.mark(MarkDropAlways)
}
return pkt.mark(MarkBlockAlways)
}