Merge pull request #793 from safing/fix/iptables-blocking

Use correct ICMP message for blocking connections in iptables
2022-08-24 13:43:57 +02:00
parent 3b9a1b099a 57c23c7e07
commit b26ee9af58
1 changed files with 2 additions and 2 deletions
--- a/firewall/interception/nfqueue_linux.go
+++ b/firewall/interception/nfqueue_linux.go
@@ -65,7 +65,7 @@ func init() {
 		// as the rejection ICMP packet will have the same mark. Blocked ICMP
 		// packets will always result in a drop within the Portmaster.
 		"filter PORTMASTER-FILTER -m mark --mark 1701 -p icmp -j RETURN",
-		"filter PORTMASTER-FILTER -m mark --mark 1701 -j REJECT --reject-with icmp-host-prohibited",
+		"filter PORTMASTER-FILTER -m mark --mark 1701 -j REJECT --reject-with icmp-admin-prohibited",
 		"filter PORTMASTER-FILTER -m mark --mark 1702 -j DROP",
 		"filter PORTMASTER-FILTER -j CONNMARK --save-mark",
 		"filter PORTMASTER-FILTER -m mark --mark 1710 -j RETURN",
@@ -73,7 +73,7 @@ func init() {
 		// as the rejection ICMP packet will have the same mark. Blocked ICMP
 		// packets will always result in a drop within the Portmaster.
 		"filter PORTMASTER-FILTER -m mark --mark 1711 -p icmp -j RETURN",
-		"filter PORTMASTER-FILTER -m mark --mark 1711 -j REJECT --reject-with icmp-host-prohibited",
+		"filter PORTMASTER-FILTER -m mark --mark 1711 -j REJECT --reject-with icmp-admin-prohibited",
 		"filter PORTMASTER-FILTER -m mark --mark 1712 -j DROP",
 		"filter PORTMASTER-FILTER -m mark --mark 1717 -j RETURN",