Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Tested-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
# IPS Bypass Chain which stores the BYPASS bit in connection tracking
iptables -N IPSBYPASS
- iptables -A IPSBYPASS -j MARK --set-xmark "0/$(( IPS_REPEAT_MASK ))"
- iptables -A IPSBYPASS -j CONNMARK --save-mark
+ iptables -A IPSBYPASS -j CONNMARK --save-mark --mask "$(( ~IPS_REPEAT_MASK & 0xffffffff ))"
# Jump into bypass chain when the BYPASS bit is set
for chain in INPUT FORWARD OUTPUT; do
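Review bot: The comment above IPSBYPASS says the chain stores the BYPASS bit, but the added `CONNMARK --save-mark --mask "$(( ~IPS_REPEAT_MASK & 0xffffffff ))"` copies every packet-mark bit except REPEAT into the connection mark, where conntrack keeps it for the life of the flow. Because the BYPASS bit decides which traffic skips the IPS, the intent should be stated next to the rule, e.g. `# Save everything but the REPEAT bit; the packet mark itself is no longer modified here`. If only the BYPASS bit needs to persist, narrowing `--mask` to the BYPASS mask (if the script defines one) would keep unrelated mark bits out of conntrack. The `for chain in INPUT FORWARD OUTPUT` loop that jumps into this chain continues outside the hunk, so how the saved bits are matched cannot be checked from here.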