projects / openwrt / staging / yousong.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 9641cee) | patch
firewall: fix forwarding local subnet traffic
authorJo-Philipp Wich <jo@mein.io>
Fri, 13 Jan 2017 17:31:08 +0000 (18:31 +0100)
committerJo-Philipp Wich <jo@mein.io>
Fri, 13 Jan 2017 17:31:36 +0000 (18:31 +0100)
commit920170a27fe9a3b66d5a857d70408dbac3720e0f
treeebb5c7006a0ab4871e5146cc8dc1890f574a70d2tree | snapshot
parent9641ceea0ce68d1c507b9d2bbe7cf8da518a2eb8commit | diff
firewall: fix forwarding local subnet traffic

Packets which are merely forwarded by the router and which are neither
involved in any DNAT/SNAT nor originate locally, are considered INVALID
from a conntrack point of view, causing them to get dropped in the
zone_*_dest_ACCEPT chains, since those only allow stream with state NEW
or UNTRACKED.

Remove the ctstate restriction on dest accept chains to properly pass-
through unrelated 3rd party traffic.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
package/network/config/firewall/Makefile diff | blob | history
Yousong Zhou staging tree