X-Git-Url: http://git.openwrt.org/?p=openwrt%2Fsvn-archive%2Farchive.git;a=blobdiff_plain;f=package%2Fiptables%2Ffiles%2Ffirewall.init;h=68fc3de62e6c46acc9855e6e578bff55ed38a6fe;hp=a4014f3ee71e4fe3ae584e5a4d4eaa0373cdb8ef;hb=07c45f50244796113ac73189e228012c3c72f9c8;hpb=100179ce3b1ffdee08b64d87b5a362e54cbdf70c
diff --git a/package/iptables/files/firewall.init b/package/iptables/files/firewall.init
index a4014f3ee7..68fc3de62e 100755
--- a/package/iptables/files/firewall.init
+++ b/package/iptables/files/firewall.init
@@ -2,7 +2,7 @@
 # Copyright (C) 2006 OpenWrt.org
 ## Please make changes in /etc/firewall.user
 
-START=45
+START=35
 start() {
 	include /lib/network
 	scan_interfaces
@@ -22,7 +22,8 @@ start() {
 	iptables -N output_rule
 	iptables -N forwarding_rule
 	iptables -N forwarding_wan
-
+
+	iptables -t nat -N NEW
 	iptables -t nat -N prerouting_rule
 	iptables -t nat -N prerouting_wan
 	iptables -t nat -N postrouting_rule
@@ -99,11 +100,15 @@ start() {
 	# uses the default -P DROP
 
 	### MASQ
+	iptables -t nat -A PREROUTING -m state --state NEW -p tcp -j NEW
 	iptables -t nat -A PREROUTING -j prerouting_rule
 	[ -z "$WAN" ] || iptables -t nat -A PREROUTING -i "$WAN" -j prerouting_wan
 	iptables -t nat -A POSTROUTING -j postrouting_rule
 	[ -z "$WAN" ] || iptables -t nat -A POSTROUTING -o $WAN -j MASQUERADE
-
+
+	iptables -t nat -A NEW -m limit --limit 50 --limit-burst 100 -j RETURN && \
+	iptables -t nat -A NEW -j DROP
+
 	## USER RULES
 	[ -f /etc/firewall.user ] && . /etc/firewall.user
 	[ -n "$WAN" -a -e /etc/config/firewall ] && {
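Review bot: The user chain created by `iptables -t nat -N NEW` carries the same name as the conntrack state keyword this script already uses (`--state NEW`), so the later `-j NEW` reads like a state test rather than a jump to a user chain; a descriptive name such as `new_tcp_limit` would make the `-A NEW ... -j DROP` rules in the third hunk self-explanatory. The hunk shows the chain being created but no matching teardown; if stop() (not in this diff) flushes and deletes nat chains by name, it would need the same addition — worth confirming before merging. The enclosing start() function continues outside the hunk.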
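Review bot: The `-m limit` rule appended to the NEW chain keeps one global token bucket rather than a per-source one, so once more than 50 new TCP connections per second arrive from anywhere (after the burst of 100), every further new TCP connection traversing nat PREROUTING is dropped — including LAN clients reaching the WAN or the router itself, because the jump added on the first line of this hunk is not restricted to an interface. A single host, inside or outside, can therefore starve all others of new TCP connections. At minimum the jump should follow the pattern of the neighbouring prerouting_wan rule, `[ -z "$WAN" ] || iptables -t nat -A PREROUTING -i "$WAN" -m state --state NEW -p tcp -j NEW`, and a per-source match would be needed for this to act as a flood defence rather than a self-DoS. The `&& \` chaining also means that if the RETURN rule cannot be added the catch-all DROP is silently skipped (fail-open), which may be intended but deserves a comment such as `# if the limit rule fails to install, do not add the unconditional DROP`. The enclosing start() function continues outside the hunk.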