Improve nftables rules
- Fixed an issue where AlmaLinux 9 users may encounter the error "unsupported xtables compat expression" for xt target "MASQUERADE", which prevents nftables rules from loading. This could happen if the server already has OpenVPN and/or WireGuard installed before installing the IPsec VPN.
parent
2247387826
commit
2991302d57
@ -728,6 +728,9 @@ start_services() {
|
|||||||
restorecon /usr/local/sbin -Rv 2>/dev/null
|
restorecon /usr/local/sbin -Rv 2>/dev/null
|
||||||
restorecon /usr/local/libexec/ipsec -Rv 2>/dev/null
|
restorecon /usr/local/libexec/ipsec -Rv 2>/dev/null
|
||||||
if [ "$use_nft" = 1 ]; then
|
if [ "$use_nft" = 1 ]; then
|
||||||
|
if ! nft -c -f "$IPT_FILE" >/dev/null 2>&1; then
|
||||||
|
sed -i '/ip6 saddr fddd:\(2c4\|1194\):/s/xt target "MASQUERADE"/masquerade/' "$IPT_FILE"
|
||||||
|
fi
|
||||||
nft -f "$IPT_FILE"
|
nft -f "$IPT_FILE"
|
||||||
else
|
else
|
||||||
iptables-restore < "$IPT_FILE"
|
iptables-restore < "$IPT_FILE"
|
||||||
|
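Review bot: The rewritten file is never re-validated after the `sed`, and the exit status of the final `nft -f "$IPT_FILE"` is not checked in the lines shown. If the ruleset still fails to parse, for example because of an xt compat expression on a line the `fddd:2c4`/`fddd:1194` pattern does not match, the server could come up without its intended firewall and NAT rules and without any message. Consider re-running the check after the rewrite and reporting the failure, e.g. `nft -c -f "$IPT_FILE" >/dev/null 2>&1 || echo "Warning: $IPT_FILE still fails nft validation" >&2`, placed just before the load. The first check also discards stderr, so the actual reason for a failure is lost; keeping that output for the warning would make the problem diagnosable. start_services() begins and continues outside the hunk, so any error handling further down is not visible here.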