X-Git-Url: http://git.openwrt.org/?a=blobdiff_plain;f=package%2Fnetwork%2Fconfig%2Ffirewall%2Ffiles%2Ffirewall.config;h=5e22f984ce9f9e0ef3bd63f73816356c2dd1d8df;hb=de8b88ce17c3e19cf1fe366be0de2e3c376762b0;hp=8874e9882c3083932fc90e061739dc265992eb61;hpb=bc552584640eba0bd428b70f724640a8fe9ceca2;p=openwrt%2Fstaging%2Fluka.git

diff --git a/package/network/config/firewall/files/firewall.config b/package/network/config/firewall/files/firewall.config
index 8874e9882c..5e22f984ce 100644
--- a/package/network/config/firewall/files/firewall.config
+++ b/package/network/config/firewall/files/firewall.config
@@ -129,6 +129,19 @@ config rule
 	option proto		udp
 	option target		ACCEPT
 
+# allow interoperability with traceroute classic
+# note that traceroute uses a fixed port range, and depends on getting
+# back ICMP Unreachables.  if we're operating in DROP mode, it won't
+# work so we explicitly REJECT packets on these ports.
+config rule
+	option name		Support-UDP-Traceroute
+	option src		wan
+	option dest_port	33434:33689
+	option proto		udp
+	option family		ipv4
+	option target		REJECT
+	option enabled		false
+
 # include a file with users custom iptables rules
 config include
 	option path /etc/firewall.user