From 95b58c66f9eab40dea43053db67c81925e76b5ca Mon Sep 17 00:00:00 2001
From: abhishek9686
Date: Thu, 5 Dec 2024 10:06:48 +0400
Subject: [PATCH] ignore all protocol
---
 firewall/iptables_linux.go | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/firewall/iptables_linux.go b/firewall/iptables_linux.go
index 2ddfd651f..8989e5b11 100644
--- a/firewall/iptables_linux.go
+++ b/firewall/iptables_linux.go
@@ -510,7 +510,7 @@ func (i *iptablesManager) InsertIngressRoutingRules(server string, ingressInfo m
 continue
 }
 ruleSpec := []string{"-s", rule.SrcIP.String()}
- if rule.AllowedProtocol.String() != "" {
+ if rule.AllowedProtocol.String() != "" && rule.AllowedProtocol != models.ALL {
 ruleSpec = append(ruleSpec, "-p", rule.AllowedProtocol.String())
 }
 ruleSpec = append(ruleSpec, "--dport", port)
@@ -521,7 +521,7 @@ func (i *iptablesManager) InsertIngressRoutingRules(server string, ingressInfo m
 } else {
 ruleSpec := []string{"-s", rule.SrcIP.String()}
- if rule.AllowedProtocol.String() != "" {
+ if rule.AllowedProtocol.String() != "" && rule.AllowedProtocol != models.ALL {
 ruleSpec = append(ruleSpec, "-p", rule.AllowedProtocol.String())
 }
 ruleSpec = append(ruleSpec, "-j", "ACCEPT")
@@ -614,7 +614,7 @@ func (i *iptablesManager) AddAclRules(server string, aclRules map[string]models.
 continue
 }
 ruleSpec := []string{"-s", strings.Join(allowedIps, ",")}
- if aclRule.AllowedProtocol.String() != "" {
+ if aclRule.AllowedProtocol.String() != "" && aclRule.AllowedProtocol != models.ALL {
 ruleSpec = append(ruleSpec, "-p", aclRule.AllowedProtocol.String())
 }
 ruleSpec = append(ruleSpec, "--dport", port)
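Review bot: In the three port branches (the `--dport` hunks at 510 and 614, and the one at 662 further down), skipping `-p` for `models.ALL` leaves a rule of the form `-s <src> --dport <port>`, which iptables rejects because `--dport` only exists once a port-capable protocol such as tcp or udp has been selected with `-p`. Whether a rule can reach this branch with ALL and a non-empty port depends on code outside the hunk, but if it can, the insert fails and the intended allow rule is never installed. Expanding ALL (and the empty protocol, which has the same problem) into one rule per port-capable protocol keeps the port restriction in place. The jump target and the insert call that follow the last context line are outside the hunk and stay as they are.

```go
// --dport needs a port-capable protocol match, so expand ALL explicitly.
protos := []string{rule.AllowedProtocol.String()}
if rule.AllowedProtocol == models.ALL || rule.AllowedProtocol.String() == "" {
	protos = []string{"tcp", "udp"}
}
for _, proto := range protos {
	ruleSpec := []string{"-s", rule.SrcIP.String(), "-p", proto, "--dport", port}
	// … unchanged: jump target and rule insertion for this port …
}
```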
@@ -625,7 +625,7 @@ func (i *iptablesManager) AddAclRules(server string, aclRules map[string]models.
 } else {
 ruleSpec := []string{"-s", strings.Join(allowedIps, ",")}
- if aclRule.AllowedProtocol.String() != "" {
+ if aclRule.AllowedProtocol.String() != "" && aclRule.AllowedProtocol != models.ALL {
 ruleSpec = append(ruleSpec, "-p", aclRule.AllowedProtocol.String())
 }
 ruleSpec = append(ruleSpec, "-j", "ACCEPT")
@@ -662,7 +662,7 @@ func (i *iptablesManager) AddAclRules(server string, aclRules map[string]models.
 continue
 }
 ruleSpec := []string{"-s", strings.Join(allowedIps, ",")}
- if aclRule.AllowedProtocol.String() != "" {
+ if aclRule.AllowedProtocol.String() != "" && aclRule.AllowedProtocol != models.ALL {
 ruleSpec = append(ruleSpec, "-p", aclRule.AllowedProtocol.String())
 }
 ruleSpec = append(ruleSpec, "--dport", port)
@@ -673,7 +673,7 @@ func (i *iptablesManager) AddAclRules(server string, aclRules map[string]models.
 } else {
 ruleSpec := []string{"-s", strings.Join(allowedIps, ",")}
- if aclRule.AllowedProtocol.String() != "" {
+ if aclRule.AllowedProtocol.String() != "" && aclRule.AllowedProtocol != models.ALL {
 ruleSpec = append(ruleSpec, "-p", aclRule.AllowedProtocol.String())
 }
 ruleSpec = append(ruleSpec, "-j", "ACCEPT")
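Review bot: The condition `aclRule.AllowedProtocol.String() != "" && aclRule.AllowedProtocol != models.ALL` is now repeated verbatim at six call sites across InsertIngressRoutingRules and AddAclRules, so any later change to how ALL is handled has to be made six times, and a missed copy would leave the ingress and ACL paths emitting different rules. A small unexported helper that returns the `-p` arguments or nil would keep them in step, called as `ruleSpec = append(ruleSpec, protoArgs(aclRule.AllowedProtocol)...)` (`protoArgs` is a proposed name, not an existing function). In the else branches a one-line comment such as `// no -p: iptables matches every protocol from this source` would also help, since as far as the hunk shows the resulting rule is `-s <src> -j ACCEPT`. Both functions start and end outside the hunks.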