Fix for CentOS

- Fixed an issue with adding VPN related firewall rules on CentOS, Rocky Linux and similar Linux distributions, when firewalld is configured to be the sole owner of nftables. - Closes #1678. Thanks @CaptainFrosty!
2025-03-23 00:13:57 +03:00 · 2025-02-10 23:19:53 -06:00 · 2025-02-10 23:19:53 -06:00 · d7c20b818f
commit d7c20b818f
parent 9d7e4a3bab
1 changed files with 6 additions and 1 deletions
--- a/vpnsetup_centos.sh
+++ b/vpnsetup_centos.sh
@ -8,7 +8,7 @@
 # The latest version of this script is available at:
 # https://github.com/hwdsl2/setup-ipsec-vpn
 #
-# Copyright (C) 2015-2024 Lin Song <linsongui@gmail.com>
+# Copyright (C) 2015-2025 Lin Song <linsongui@gmail.com>
 # Based on the work of Thomas Sarlandie (Copyright 2012)
 #
 # This work is licensed under the Creative Commons Attribution-ShareAlike 3.0
@ -618,6 +618,11 @@ update_iptables() {
  if [ "$ipt_flag" = 1 ]; then
    service fail2ban stop >/dev/null 2>&1
    if [ "$use_nft" = 1 ]; then
+      fd_conf=/etc/firewalld/firewalld.conf
+      if grep -qs '^NftablesTableOwner=yes' "$fd_conf"; then
+        sed -i '/NftablesTableOwner/s/yes/no/' "$fd_conf"
+        firewall-cmd --reload >/dev/null 2>&1
+      fi
      nft list ruleset > "$IPT_FILE.old-$SYS_DT"
      chmod 600 "$IPT_FILE.old-$SYS_DT"
    else