merge r14061 to 8.09
author
Jo-Philipp Wich
<jow@openwrt.org>
Fri, 16 Jan 2009 18:11:27 +0000
(18:11 +0000)
committer
Jo-Philipp Wich
<jow@openwrt.org>
Fri, 16 Jan 2009 18:11:27 +0000
(18:11 +0000)
SVN-Revision: 14062
package/firewall/files/uci_firewall.sh
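--- a/package/firewall/files/uci_firewall.sh
+++ b/package/firewall/files/uci_firewall.sh
@@ -159,16 +159,19 @@ fw_defaults() {
 $IPTABLES -t mangle -X
 $IPTABLES -t nat -X
 $IPTABLES -X
-
- $IPTABLES -A INPUT -m state --state INVALID -j DROP
+
+ config_get_bool drop_invalid $1 drop_invalid 1
+
+ [ "$drop_invalid" -gt 0 ] && {
+ $IPTABLES -A INPUT -m state --state INVALID -j DROP
+ $IPTABLES -A OUTPUT -m state --state INVALID -j DROP
+ $IPTABLES -A FORWARD -m state --state INVALID -j DROP
+ }
+
 $IPTABLES -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-
- $IPTABLES -A OUTPUT -m state --state INVALID -j DROP
 $IPTABLES -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-
- $IPTABLES -A FORWARD -m state --state INVALID -j DROP
 $IPTABLES -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-
+
 $IPTABLES -A INPUT -i lo -j ACCEPT
 $IPTABLES -A OUTPUT -o lo -j ACCEPT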
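Review bot: The new `drop_invalid` switch read at `config_get_bool drop_invalid $1 drop_invalid 1` is undocumented, and one setting controls the INVALID-state drop on INPUT, OUTPUT and FORWARD together. With it set to 0, packets that connection tracking cannot classify are no longer dropped up front and are judged only by the later rules and each chain's policy, which is a weaker posture than the previous unconditional drop. I would add a comment above the lookup, such as `# drop_invalid=0 removes the INVALID-state drop from INPUT, OUTPUT and FORWARD; leave at 1 unless conntrack misclassifies legitimate traffic`, and quote the section argument as `"$1"`. The default of 1 keeps the earlier behaviour, and within each chain the drop still precedes the RELATED,ESTABLISHED accept. fw_defaults begins and continues outside this hunk, so any later use of the option is not visible here.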