Fixes #25: unique connmark identifier

Simone Margaritelli 2017-05-03 11:35:07 +02:00
parent c6716c1bd6
commit f32b7b9b7e


@ -35,7 +35,7 @@ class Snitch:
# Get connection packets
"OUTPUT -t mangle -m conntrack --ctstate NEW -j NFQUEUE --queue-num 0 --queue-bypass",
# Reject packets marked by OpenSnitch
"OUTPUT --protocol tcp -m mark --mark 1 -j REJECT" )
"OUTPUT --protocol tcp -m mark --mark 101285 -j REJECT" )
# TODO: Support IPv6!
def __init__( self ):
@ -87,7 +87,7 @@ class Snitch:
if verd == Rule.DROP:
logging.info( "Dropping %s from %s" % ( conn, conn.get_app_name() ) )
# mark this packet so iptables will drop it
pkt.set_mark(1)
pkt.set_mark(101285)
pkt.drop()
else:
pkt.accept()
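Review bot: The new mark value is written as a bare literal in two places, inside the iptables rule string in the first hunk (`--mark 101285`) and in `pkt.set_mark(101285)` in the second, with nothing tying them together. If one is later changed without the other, the REJECT rule stops matching the packets this code marks and nothing reports the mismatch. I would define it once at module level, e.g. `DROP_MARK = 101285` with the comment `# packet mark shared by the REJECT rule and set_mark(); must not collide with marks set by other tools`, and build the rule with `"OUTPUT --protocol tcp -m mark --mark %d -j REJECT" % DROP_MARK`. The rule still compares the whole mark with no mask, so a less common number presumably only lowers the chance of a clash with other software that marks packets rather than removing it. Both enclosing bodies continue outside the hunks.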