qi-hardware/openwrt-xburst
1
0
Fork 0
mirror of git://projects.qi-hardware.com/openwrt-xburst.git synced 2025-04-21 12:27:27 +03:00
Code Activity

firewall: introduce drop_invalid option to allow disabling the invalid state match

Browse Source 
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@14061 3c298f89-4303-0410-b956-a3cf2f4a3e73
This commit is contained in:
jow
2009-01-16 18:09:19 +00:00
parent a84679b42d
commit 9a3973d64e
1 changed files with 10 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
package/firewall/files/uci_firewall.sh
View File

@@ -159,16 +159,19 @@ fw_defaults() {
$IPTABLES -t mangle -X $IPTABLES -t mangle -X
$IPTABLES -t nat -X $IPTABLES -t nat -X
$IPTABLES -X $IPTABLES -X
$IPTABLES -A INPUT -m state --state INVALID -j DROP config_get_bool drop_invalid $1 drop_invalid 1
[ "$drop_invalid" -gt 0 ] && {
$IPTABLES -A INPUT -m state --state INVALID -j DROP
$IPTABLES -A OUTPUT -m state --state INVALID -j DROP
$IPTABLES -A FORWARD -m state --state INVALID -j DROP
}
$IPTABLES -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT $IPTABLES -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
$IPTABLES -A OUTPUT -m state --state INVALID -j DROP
$IPTABLES -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT $IPTABLES -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
$IPTABLES -A FORWARD -m state --state INVALID -j DROP
$IPTABLES -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT $IPTABLES -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
$IPTABLES -A INPUT -i lo -j ACCEPT $IPTABLES -A INPUT -i lo -j ACCEPT
$IPTABLES -A OUTPUT -o lo -j ACCEPT $IPTABLES -A OUTPUT -o lo -j ACCEPT