From 97533cbaefe77883dde54b45c527dde4c92e2366 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=B9=B3=E6=B0=91=C2=B7=E5=AF=BB=E6=A2=A6=20=28Pingmin=20?= =?UTF-8?q?Fenlly=20Liu=29?= Date: Mon, 4 Jun 2018 10:33:14 +0800 Subject: [PATCH] Add the "!" to the nft rule checking --- security/firewall.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security/firewall.md b/security/firewall.md index d5c5bc75..604a9db0 100644 --- a/security/firewall.md +++ b/security/firewall.md @@ -384,7 +384,7 @@ fi # In Qubes OS R4 # If not already present -if nft -nn list table ip qubes-firewall | grep "tcp dport 443 ct state new"; then +if ! nft -nn list table ip qubes-firewall | grep "tcp dport 443 ct state new"; then # Add a filtering rule nft add rule ip qubes-firewall forward meta iifname eth0 ip saddr 192.168.x.0/24 ip daddr 10.137.0.y tcp dport 443 ct state new counter accept