projects
/
project
/
firewall4.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
| inline |
side by side
ruleset: drop ctstate invalid traffic for masq-enabled zones
[project/firewall4.git]
/
tests
/
02_zones
/
03_masq_src_dest_restrictions
diff --git
a/tests/02_zones/03_masq_src_dest_restrictions
b/tests/02_zones/03_masq_src_dest_restrictions
index 2cb0ce459f6365c949c6a58947d75ad4f5772832..011ef8912adea405c77bd18675c5760c2d8e1e23 100644
(file)
--- a/
tests/02_zones/03_masq_src_dest_restrictions
+++ b/
tests/02_zones/03_masq_src_dest_restrictions
@@
-171,6
+171,7
@@
table inet fw4 {
}
chain accept_to_test1 {
+ meta nfproto ipv4 oifname "zone1" ct state invalid counter drop comment "!fw4: Prevent NAT leakage"
oifname "zone1" counter accept comment "!fw4: accept test1 IPv4/IPv6 traffic"
}