kmod-oaf: limit conntrack direction

jjm2473 · Mar 14, 2024 · 5b50f7b · 5b50f7b
1 parent f6577b2
commit 5b50f7b
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/oaf/src/app_filter.c b/oaf/src/app_filter.c
@@ -980,7 +980,7 @@ u_int32_t app_filter_hook_gateway_handle(struct sk_buff *skb, struct net_device
 		return NF_ACCEPT;
 
 	ct = nf_ct_get(skb, &ctinfo);
-	if (ct == NULL || !nf_ct_is_confirmed(ct))
+	if (ct == NULL || CTINFO2DIR(ctinfo) == IP_CT_DIR_REPLY || !nf_ct_is_confirmed(ct))
 		return NF_ACCEPT;
 
 	AF_CLIENT_LOCK_R();