mirror of https://github.com/aredn/aredn.git
Fix rule checking for existing drop rules. (#719)
This commit is contained in:
parent
32e02de328
commit
05d247d15f
|
@ -135,12 +135,12 @@ function update_block(track)
|
||||||
if should_block(track) then
|
if should_block(track) then
|
||||||
track.blocked = true
|
track.blocked = true
|
||||||
if track.type == "Tunnel" then
|
if track.type == "Tunnel" then
|
||||||
if not nft_handle("input_lqm", "iifname \\\"" .. track.device .. "\\\" udp dport 698 .* drop") then
|
if not nft_handle("input_lqm", "iifname \\\"" .. track.device .. "\\\" udp dport 698 drop") then
|
||||||
os.execute(NFT .. " insert rule ip fw4 input_lqm iifname \\\"" .. track.device .. "\\\" udp dport 698 drop 2> /dev/null")
|
os.execute(NFT .. " insert rule ip fw4 input_lqm iifname \\\"" .. track.device .. "\\\" udp dport 698 drop 2> /dev/null")
|
||||||
return "blocked"
|
return "blocked"
|
||||||
end
|
end
|
||||||
else
|
else
|
||||||
if not nft_handle("input_lqm", "udp dport 698 ether saddr " .. track.mac:lower() .. " .* drop") then
|
if not nft_handle("input_lqm", "udp dport 698 ether saddr " .. track.mac:lower() .. " drop") then
|
||||||
os.execute(NFT .. " insert rule ip fw4 input_lqm udp dport 698 ether saddr " .. track.mac .. " drop 2> /dev/null")
|
os.execute(NFT .. " insert rule ip fw4 input_lqm udp dport 698 ether saddr " .. track.mac .. " drop 2> /dev/null")
|
||||||
return "blocked"
|
return "blocked"
|
||||||
end
|
end
|
||||||
|
@ -148,13 +148,13 @@ function update_block(track)
|
||||||
else
|
else
|
||||||
track.blocked = false
|
track.blocked = false
|
||||||
if track.type == "Tunnel" then
|
if track.type == "Tunnel" then
|
||||||
local handle = nft_handle("input_lqm", "iifname \\\"" .. track.device .. "\\\" udp dport 698 .* drop")
|
local handle = nft_handle("input_lqm", "iifname \\\"" .. track.device .. "\\\" udp dport 698 drop")
|
||||||
if handle then
|
if handle then
|
||||||
os.execute(NFT .. " delete rule ip fw4 input_lqm handle " .. handle)
|
os.execute(NFT .. " delete rule ip fw4 input_lqm handle " .. handle)
|
||||||
return "unblocked"
|
return "unblocked"
|
||||||
end
|
end
|
||||||
else
|
else
|
||||||
local handle = nft_handle("input_lqm", "udp dport 698 ether saddr " .. track.mac:lower() .. " .* drop")
|
local handle = nft_handle("input_lqm", "udp dport 698 ether saddr " .. track.mac:lower() .. " drop")
|
||||||
if handle then
|
if handle then
|
||||||
os.execute(NFT .. " delete rule ip fw4 input_lqm handle " .. handle)
|
os.execute(NFT .. " delete rule ip fw4 input_lqm handle " .. handle)
|
||||||
return "unblocked"
|
return "unblocked"
|
||||||
|
@ -166,11 +166,11 @@ end
|
||||||
|
|
||||||
function force_remove_block(track)
|
function force_remove_block(track)
|
||||||
track.blocked = false
|
track.blocked = false
|
||||||
local handle = nft_handle("input_lqm", "udp dport 698 ether saddr " .. track.mac:lower() .. " .* drop")
|
local handle = nft_handle("input_lqm", "udp dport 698 ether saddr " .. track.mac:lower() .. " drop")
|
||||||
if handle then
|
if handle then
|
||||||
os.execute(NFT .. " delete rule ip fw4 input_lqm handle " .. handle)
|
os.execute(NFT .. " delete rule ip fw4 input_lqm handle " .. handle)
|
||||||
end
|
end
|
||||||
handle = nft_handle("input_lqm", "iifname \\\"" .. track.device .. "\\\" udp dport 698 .* drop")
|
handle = nft_handle("input_lqm", "iifname \\\"" .. track.device .. "\\\" udp dport 698 drop")
|
||||||
if handle then
|
if handle then
|
||||||
os.execute(NFT .. " delete rule ip fw4 input_lqm handle " .. handle)
|
os.execute(NFT .. " delete rule ip fw4 input_lqm handle " .. handle)
|
||||||
end
|
end
|
||||||
|
|
Loading…
Reference in New Issue