From: Jo-Philipp Wich <jo@mein.io>
Date: Fri, 13 Jan 2017 17:31:08 +0000 (+0100)
Subject: firewall: fix forwarding local subnet traffic
X-Git-Tag: v17.01.0-rc1~88
X-Git-Url: http://git.openwrt.org/?p=openwrt%2Fopenwrt.git;a=commitdiff_plain;h=920170a27fe9a3b66d5a857d70408dbac3720e0f;ds=sidebyside

firewall: fix forwarding local subnet traffic

Packets which are merely forwarded by the router and which are neither
involved in any DNAT/SNAT nor originate locally, are considered INVALID
from a conntrack point of view, causing them to get dropped in the
zone_*_dest_ACCEPT chains, since those only allow stream with state NEW
or UNTRACKED.

Remove the ctstate restriction on dest accept chains to properly pass-
through unrelated 3rd party traffic.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
---

diff --git a/package/network/config/firewall/Makefile b/package/network/config/firewall/Makefile
index ee31d17b25..0d57340ab9 100644
--- a/package/network/config/firewall/Makefile
+++ b/package/network/config/firewall/Makefile
@@ -13,9 +13,9 @@ PKG_RELEASE:=1
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL=$(LEDE_GIT)/project/firewall3.git
-PKG_SOURCE_DATE:=2016-11-29
-PKG_SOURCE_VERSION:=13698aafb52c45817ee7815da3405e620657c8d0
-PKG_MIRROR_HASH:=6ba6e96a588dd3afd7e9db7e9246c5cc6c560aa95385592960c6b71b5a9c6395
+PKG_SOURCE_DATE:=2017-01-13
+PKG_SOURCE_VERSION:=37cb4cb437fd685f31926a4c326ba8afe329e4a6
+PKG_MIRROR_HASH:=7ee075f05977e5d9a78e661b537e6eb077c8f328ff2e71d1e2fbef44cca97355
 PKG_MAINTAINER:=Jo-Philipp Wich <jo@mein.io>
 PKG_LICENSE:=ISC