From d7c20b818f6e7b3873a08475bdded7fdc8f2004e Mon Sep 17 00:00:00 2001
From: hwdsl2
Date: Mon, 10 Feb 2025 23:19:53 -0600
Subject: [PATCH] Fix for CentOS

- Fixed an issue with adding VPN related firewall rules on CentOS, Rocky Linux and similar Linux distributions, when firewalld is configured to be the sole owner of nftables.
- Closes #1678. Thanks @CaptainFrosty!
---
 vpnsetup_centos.sh | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/vpnsetup_centos.sh b/vpnsetup_centos.sh
index 0eee087..e6bf08e 100755
--- a/vpnsetup_centos.sh
+++ b/vpnsetup_centos.sh
@@ -8,7 +8,7 @@
 # The latest version of this script is available at:
 # https://github.com/hwdsl2/setup-ipsec-vpn
 #
-# Copyright (C) 2015-2024 Lin Song
+# Copyright (C) 2015-2025 Lin Song
 # Based on the work of Thomas Sarlandie (Copyright 2012)
 #
 # This work is licensed under the Creative Commons Attribution-ShareAlike 3.0
@@ -618,6 +618,11 @@ update_iptables() {
   if [ "$ipt_flag" = 1 ]; then
     service fail2ban stop >/dev/null 2>&1
     if [ "$use_nft" = 1 ]; then
+      fd_conf=/etc/firewalld/firewalld.conf
+      if grep -qs '^NftablesTableOwner=yes' "$fd_conf"; then
+        sed -i '/NftablesTableOwner/s/yes/no/' "$fd_conf"
+        firewall-cmd --reload >/dev/null 2>&1
+      fi
       nft list ruleset > "$IPT_FILE.old-$SYS_DT"
       chmod 600 "$IPT_FILE.old-$SYS_DT"
     else
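Review bot: The new branch in the second hunk (@@ -618) rewrites /etc/firewalld/firewalld.conf in place with `sed -i` and discards the exit status of `firewall-cmd --reload`, so a failed reload leaves the on-disk config changed while the running firewalld still owns the nftables tables, and the ruleset that is written a few lines later can be silently wiped at the next firewalld restart; the operator also gets no record that a firewalld ownership setting was changed. The grep guard only matches an active `^NftablesTableOwner=yes` line, but the sed pattern is unanchored and flips the first `yes` on any line mentioning NftablesTableOwner, including a commented example, which is a wider edit than the check allows. I would keep the same backup convention the hunk already uses for the ruleset and fail loudly on reload: `cp -f "$fd_conf" "$fd_conf.old-$SYS_DT"`, `sed -i 's/^NftablesTableOwner=yes/NftablesTableOwner=no/' "$fd_conf"`, `firewall-cmd --reload >/dev/null 2>&1 || echo "Warning: firewall-cmd --reload failed; firewalld may still own nftables." >&2`. A one-line comment above the block, such as `# firewalld with NftablesTableOwner=yes drops tables it does not own, so hand ownership back before adding VPN rules`, would also explain why the config is being edited at all. update_iptables() starts before this hunk and continues past its last line, so the rest of the function is not visible here.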