firewall: clear the MSSFIX rules

[openwrt/svn-archive/archive.git] / package / firewall / files / uci_firewall.sh

diff --git a/package/firewall/files/uci_firewall.sh b/package/firewall/files/uci_firewall.sh
index 41b2b5f76c399274fb871673c5ad3fd36549358a..579a8a6c3a5beaa7f000b639a1cf92c45eaab59a 100755 (executable)
--- a/package/firewall/files/uci_firewall.sh
+++ b/package/firewall/files/uci_firewall.sh
@@ -77,6 +77,7 @@ addif() {
 delif() {
        logger "removing $1 from firewall zone $2"
        $IPTABLES -D input -i $1 -j zone_$2
+       $IPTABLES -D zone_$2_MSSFIX -o $1 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
        $IPTABLES -D zone_$2_ACCEPT -o $1 -j ACCEPT
        $IPTABLES -D zone_$2_DROP -o $1 -j DROP
        $IPTABLES -D zone_$2_REJECT -o $1 -j reject
@@ -217,6 +218,16 @@ fw_rule() {
        config_get proto $1 proto
        config_get target $1 target
        config_get ruleset $1 ruleset
+
+       src_port_first=${src_port%-*}
+       src_port_last=${src_port#*-}
+       [ "$src_port_first" -ne "$src_port_last" ] && { \
+               src_port="$src_port_first:$src_port_last"; }
+
+       dest_port_first=${dest_port%-*}
+       dest_port_last=${dest_port#*-}
+       [ "$dest_port_first" -ne "$dest_port_last" ] && { \
+               dest_port="$dest_port_first:$dest_port_last"; }
        
        ZONE=input
        TARGET=$target