From 7317d929bf8f53c3659ae0dd6f40abd784d8f1e3 Mon Sep 17 00:00:00 2001
From: rufoa
Date: Mon, 30 Jun 2014 18:09:20 +0100
Subject: [PATCH] fix iptables rule removal

tails_close_port should remove the previously added ACCEPT rule, rather than inserting an explicit REJECT rule. This ensures the firewall is restored to its original state, which may not necessarily have had a REJECT rule on that port.
---
 onionshare/onionshare.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/onionshare/onionshare.py b/onionshare/onionshare.py
index e728577e..9771068f 100644
--- a/onionshare/onionshare.py
+++ b/onionshare/onionshare.py
@@ -159,7 +159,7 @@ def tails_open_port(port):
 def tails_close_port(port):
 if get_platform() == 'Tails':
 print translated("closing_hole")
- subprocess.call(['/sbin/iptables', '-I', 'OUTPUT', '-o', 'lo', '-p', 'tcp', '--dport', str(port), '-j', 'REJECT'])
+ subprocess.call(['/sbin/iptables', '-D', 'OUTPUT', '-o', 'lo', '-p', 'tcp', '--dport', str(port), '-j', 'ACCEPT'])
 
 def load_strings(default="en"):
 global strings
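Review bot: The exit status of `subprocess.call` on the new `-D` line is discarded, so a failed deletion leaves the loopback ACCEPT rule in place while "closing_hole" has already been printed. `iptables -D` with a rule specification removes a single rule that matches it exactly, so the firewall is only restored if these arguments mirror the insert in tails_open_port (its body is outside this hunk, so that cannot be confirmed here) and that rule was inserted exactly once for the port. I would check the result, for example `if subprocess.call([...]) != 0:` followed by a visible warning, and add a comment such as `# must mirror the rule inserted by tails_open_port` so the two calls are kept in sync.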