From 2181b55552b061ad76dd4126a0c6a0f15de0b288 Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed, 12 Jun 2013 12:50:33 +0200
Subject: [PATCH] openvpnctl: Flush BLOCK and SNAT chain when needed.

---
 src/misc-progs/openvpnctrl.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/misc-progs/openvpnctrl.c b/src/misc-progs/openvpnctrl.c
index 3a4c6db80..95027577e 100644
--- a/src/misc-progs/openvpnctrl.c
+++ b/src/misc-progs/openvpnctrl.c
@@ -295,6 +295,10 @@ void deleteAllChains(void) {
 	deleteChain(OVPNRED);
 	deleteChain(OVPNBLUE);
 	deleteChain(OVPNORANGE);
+
+	// Only flush chains that are created by the firewall
+	flushChain(OVPNBLOCK);
+	flushChainNAT(OVPNNAT);
 }
 
 void createChainReference(char *chain) {
@@ -458,6 +462,7 @@ void setFirewallRules(void) {
 	flushChain(OVPNRED);
 	flushChain(OVPNBLUE);
 	flushChain(OVPNORANGE);
+	flushChain(OVPNBLOCK);
 	flushChainNAT(OVPNNAT);
 
 	// set firewall rules
-- 
2.39.2