| skipped 227 lines |
| 228 | 228 | | add_or_remove = "D" |
| 229 | 229 | | cmds = [] |
| 230 | 230 | | for proto in ["tcp", "udp"]: |
| 231 | | - | cmds += ["iptables -%s %s -p %s --%s %d -i %s -j NFQUEUE --queue-num %d" % |
| | 231 | + | cmds += ["iptables -%s %s -p %s --%s %d -o %s -j NFQUEUE --queue-num %d" % |
| 232 | 232 | | (add_or_remove, out_chain, proto, port1, self.server_port, self.interface, self.out_queue_num), |
| 233 | 233 | | "iptables -%s %s -p %s --%s %d -i %s -j NFQUEUE --queue-num %d" % |
| 234 | 234 | | (add_or_remove, in_chain, proto, port2, self.server_port, self.interface, self.in_queue_num)] |
| 235 | 235 | | # If this machine is acting as a middlebox, we need to add the same rules again |
| 236 | 236 | | # in the opposite direction so that we can pass packets back and forth |
| 237 | 237 | | if self.forwarder: |
| 238 | | - | cmds += ["iptables -%s %s -p %s --%s %d -i %s -j NFQUEUE --queue-num %d" % |
| | 238 | + | cmds += ["iptables -%s %s -p %s --%s %d -o %s -j NFQUEUE --queue-num %d" % |
| 239 | 239 | | (add_or_remove, out_chain, proto, port2, self.server_port, self.interface, self.out_queue_num), |
| 240 | 240 | | "iptables -%s %s -p %s --%s %d -i %s -j NFQUEUE --queue-num %d" % |
| 241 | 241 | | (add_or_remove, in_chain, proto, port1, self.server_port, self.interface, self.in_queue_num)] |
| skipped 232 lines |
Kkevsterrr
committed
4 years ago
1 parent 55183b2d