firewall: fix MSS issue affection RELATED new connections (closes: #5173)

[openwrt/staging/florian.git] / package / firewall / files / uci_firewall.sh

diff --git a/package/firewall/files/uci_firewall.sh b/package/firewall/files/uci_firewall.sh
index 3c13631a3b9b805abaed7018f62a645e063cb162..3aa1f69c46f958f37da846d14fcac8454984f440 100755 (executable)
--- a/package/firewall/files/uci_firewall.sh
+++ b/package/firewall/files/uci_firewall.sh
@@ -63,6 +63,7 @@ create_zone() {
        $IPTABLES -N zone_$1_prerouting -t nat
        $IPTABLES -t raw -N zone_$1_notrack
        [ "$6" == "1" ] && $IPTABLES -t nat -A POSTROUTING -j zone_$1_nat
+       [ "$7" == "1" ] && $IPTABLES -I FORWARD 1 -j zone_$1_MSSFIX
 }
 
 addif() {
@@ -227,11 +228,12 @@ fw_zone() {
        config_get network $1 network
        config_get_bool masq $1 masq "0"
        config_get_bool conntrack $1 conntrack "0"
+       config_get_bool mtu_fix $1 mtu_fix 0
 
        load_policy $1
        [ "$conntrack" = "1" -o "$masq" = "1" ] && append CONNTRACK_ZONES "$name"
        [ -z "$network" ] && network=$name
-       create_zone "$name" "$network" "$input" "$output" "$forward" "$masq"
+       create_zone "$name" "$network" "$input" "$output" "$forward" "$masq" "$mtu_fix"
        fw_custom_chains_zone "$name"
 }
 
@@ -305,11 +307,9 @@ fw_forwarding() {
 
        config_get src $1 src
        config_get dest $1 dest
-       config_get_bool mtu_fix $1 mtu_fix 0
        [ -n "$src" ] && z_src=zone_${src}_forward || z_src=forward
        [ -n "$dest" ] && z_dest=zone_${dest}_ACCEPT || z_dest=ACCEPT
        $IPTABLES -I $z_src 1 -j $z_dest
-       [ "$mtu_fix" -gt 0 -a -n "$dest" ] && $IPTABLES -I $z_src 1 -j zone_${dest}_MSSFIX
 
        # propagate masq zone flag
        find_item "$src" $CONNTRACK_ZONES && append CONNTRACK_ZONES $dest