From 9ee849eb3f2c6c12f46c8cc65f1d05cbfe03be01 Mon Sep 17 00:00:00 2001
From: Tim Wilkinson
Date: Fri, 23 Dec 2022 21:00:35 -0800
Subject: [PATCH] More xlink firewall fixes (#581)
---
 files/etc/local/mesh-firewall/05-xlink | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/files/etc/local/mesh-firewall/05-xlink b/files/etc/local/mesh-firewall/05-xlink
index d8227cc1..aa752df1 100755
--- a/files/etc/local/mesh-firewall/05-xlink
+++ b/files/etc/local/mesh-firewall/05-xlink
@@ -54,7 +54,7 @@ if nixio.fs.stat("/etc/config.mesh/xlink") then
 local ifname = section.ifname
 nft_delete("forward", "iifname \"" .. ifname .. "\".*jump forward_dtdlink")
 nft_delete("input", "iifname \"" .. ifname .. "\".*jump input_dtdlink")
- nft_delete("output", "oifname \"" .. ifname .. "\".*jump accept_to_dtdlink")
+ nft_delete("output", "oifname \"" .. ifname .. "\".*jump output_dtdlink")
 nft_delete("accept_to_dtdlink", "oifname \"" .. ifname .. "\".*accept")
 nft_delete("reject_to_dtdlink", "oifname \"" .. ifname .. "\".*reject")
 nft_delete("reject_from_dtdlink", "iifname \"" .. ifname .. "\".*reject")
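Review bot: The output-chain delete now matches only `jump output_dtdlink`, so a `jump accept_to_dtdlink` rule left in the output chain by the previous version of this script is no longer removed when this cleanup runs. If the fw4 table is not rebuilt from scratch before this hook runs (not visible here), that stale rule, which the old code placed with `nft insert` at the head of the chain, would keep steering the interface's outbound traffic to accept_to_dtdlink before the new output_dtdlink jump is reached. Keeping the old delete next to the new one for the upgrade path would close that gap: `nft_delete("output", "oifname \"" .. ifname .. "\".*jump accept_to_dtdlink")`. The enclosing function starts and ends outside the hunk.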
@@ -66,8 +66,8 @@ if nixio.fs.stat("/etc/config.mesh/xlink") then
 function(section)
 local ifname = section.ifname
 os.execute("/usr/sbin/nft insert rule ip fw4 forward iifname \"" .. ifname .. "\" counter jump forward_dtdlink")
- os.execute("/usr/sbin/nft insert rule ip fw4 input iifname \"" .. ifname .. "\" counter jump input_dtdlink")
- os.execute("/usr/sbin/nft insert rule ip fw4 output oifname \"" .. ifname .. "\" counter jump accept_to_dtdlink")
+ os.execute("/usr/sbin/nft add rule ip fw4 input iifname \"" .. ifname .. "\" counter jump input_dtdlink")
+ os.execute("/usr/sbin/nft add rule ip fw4 output oifname \"" .. ifname .. "\" counter jump output_dtdlink")
 os.execute("/usr/sbin/nft add rule ip fw4 accept_to_dtdlink oifname \"" .. ifname .. "\" counter accept")
 os.execute("/usr/sbin/nft add rule ip fw4 reject_to_dtdlink oifname \"" .. ifname .. "\" counter reject")
 os.execute("/usr/sbin/nft add rule ip fw4 reject_from_dtdlink iifname \"" .. ifname .. "\" counter reject")
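Review bot: `ifname` comes from the xlink config section and is concatenated unvalidated into the shell command on both new `nft add rule` lines (and on the context lines around them), so a value containing a quote or shell metacharacter would change what `os.execute` runs. A guard directly after `local ifname = section.ifname` would confine it to interface-name characters: `if not ifname or not ifname:match("^[%w%._%-]+$") then return end`. The same value is also spliced into the `nft_delete` match strings in the first hunk, where it is presumably treated as a pattern (`nft_delete` is not visible here), so the check helps there too. The return value of `os.execute` is discarded, so a rule that fails to load leaves the firewall partially configured without any log line. Since `add` appends where `insert` prepended, a short comment stating why the input and output jumps must now sit at the end of their chains would help the next reader; the callback body continues outside the hunk.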