firewall: optimize DNAT rules and skip invalid rules and redirects (#14485)

	- instead of writing one (or more) ACCEPT rules in the filter table
	  for each redirect install a global ctstate DNAT accept rule per zone

	- discard rules and redirects which have invalid options set instead
	  of silently skipping the invalid values

SVN-Revision: 38849

diff --git a/package/network/config/firewall/Makefile b/package/network/config/firewall/Makefile
index ac4d16a388a6a82a040d6f4e818bbc3b5555e04d..cde3aa8ebc245139d46a661917aea79b130c313f 100644 (file)
--- a/package/network/config/firewall/Makefile
+++ b/package/network/config/firewall/Makefile
@@ -8,13 +8,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=firewall
-PKG_VERSION:=2013-10-23
+PKG_VERSION:=2013-11-18
 PKG_RELEASE:=$(PKG_SOURCE_VERSION)
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=git://nbd.name/firewall3.git
 PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
-PKG_SOURCE_VERSION:=c25922c05ae594c4c35fa65f27fd21c3a033f4ec
+PKG_SOURCE_VERSION:=fa3386a7054aa9541decd68c8cf8de1e0d6f8832
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MAINTAINER:=Jo-Philipp Wich <jow@openwrt.org>