From: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed, 12 Jun 2013 10:50:33 +0000 (+0200)
Subject: openvpnctl: Flush BLOCK and SNAT chain when needed.
X-Git-Url: http://git.ipfire.org/?p=people%2Fteissler%2Fipfire-2.x.git;a=commitdiff_plain;h=2181b55552b061ad76dd4126a0c6a0f15de0b288

openvpnctl: Flush BLOCK and SNAT chain when needed.
---

diff --git a/src/misc-progs/openvpnctrl.c b/src/misc-progs/openvpnctrl.c
index 3a4c6db80..95027577e 100644
--- a/src/misc-progs/openvpnctrl.c
+++ b/src/misc-progs/openvpnctrl.c
@@ -295,6 +295,10 @@ void deleteAllChains(void) {
 	deleteChain(OVPNRED);
 	deleteChain(OVPNBLUE);
 	deleteChain(OVPNORANGE);
+
+	// Only flush chains that are created by the firewall
+	flushChain(OVPNBLOCK);
+	flushChainNAT(OVPNNAT);
 }
 
 void createChainReference(char *chain) {
@@ -458,6 +462,7 @@ void setFirewallRules(void) {
 	flushChain(OVPNRED);
 	flushChain(OVPNBLUE);
 	flushChain(OVPNORANGE);
+	flushChain(OVPNBLOCK);
 	flushChainNAT(OVPNNAT);
 
 	// set firewall rules