diff options
author | rufoa <rufo@rufoa.com> | 2014-06-30 18:09:20 +0100 |
---|---|---|
committer | rufoa <rufo@rufoa.com> | 2014-06-30 18:09:20 +0100 |
commit | 7317d929bf8f53c3659ae0dd6f40abd784d8f1e3 (patch) | |
tree | 4750bcefa2f088c5115ac1b7064b7660b33ec273 | |
parent | 1036ae68ffe66ac3df4a161d67e700b984d94bf5 (diff) | |
download | onionshare-7317d929bf8f53c3659ae0dd6f40abd784d8f1e3.tar.gz onionshare-7317d929bf8f53c3659ae0dd6f40abd784d8f1e3.zip |
fix iptables rule removal
tails_close_port should remove the previously added ACCEPT rule, rather than inserting an explicit REJECT rule. This ensures the firewall is restored to its original state, which may not necessarily have had a REJECT rule on that port.
-rw-r--r-- | onionshare/onionshare.py | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/onionshare/onionshare.py b/onionshare/onionshare.py index e728577e..9771068f 100644 --- a/onionshare/onionshare.py +++ b/onionshare/onionshare.py @@ -159,7 +159,7 @@ def tails_open_port(port): def tails_close_port(port): if get_platform() == 'Tails': print translated("closing_hole") - subprocess.call(['/sbin/iptables', '-I', 'OUTPUT', '-o', 'lo', '-p', 'tcp', '--dport', str(port), '-j', 'REJECT']) + subprocess.call(['/sbin/iptables', '-D', 'OUTPUT', '-o', 'lo', '-p', 'tcp', '--dport', str(port), '-j', 'ACCEPT']) def load_strings(default="en"): global strings |