From: Nicolas Thill Date: Sun, 27 Sep 2009 13:57:09 +0000 (+0000) Subject: [package] firewall: fix MSS issue affection RELATED new connections (closes: #5173) X-Git-Url: http://git.openwrt.org/?p=openwrt%2Fsvn-archive%2Farchive.git;a=commitdiff_plain;h=ff2c44ec9eb3b6cd411d3a92d865659f1d74e95f;hp=e13d2ed22c2825436019a8b10632229ef8c2af15 [package] firewall: fix MSS issue affection RELATED new connections (closes: #5173) SVN-Revision: 17762 --- diff --git a/package/firewall/Makefile b/package/firewall/Makefile index 6326fe4266..0523b6601c 100644 --- a/package/firewall/Makefile +++ b/package/firewall/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=firewall PKG_VERSION:=1 -PKG_RELEASE:=1.3 +PKG_RELEASE:=1.4 include $(INCLUDE_DIR)/package.mk diff --git a/package/firewall/files/firewall.config b/package/firewall/files/firewall.config index 5a4b5af436..50a92f71ef 100644 --- a/package/firewall/files/firewall.config +++ b/package/firewall/files/firewall.config @@ -16,11 +16,11 @@ config zone option output ACCEPT option forward REJECT option masq 1 + option mtu_fix 1 config forwarding option src lan option dest wan - option mtu_fix 1 # We need to accept udp packets on port 68, # see https://dev.openwrt.org/ticket/4108 diff --git a/package/firewall/files/uci_firewall.sh b/package/firewall/files/uci_firewall.sh index 9345de78e9..8418b64d30 100755 --- a/package/firewall/files/uci_firewall.sh +++ b/package/firewall/files/uci_firewall.sh @@ -52,6 +52,7 @@ create_zone() { $IPTABLES -N zone_$1_nat -t nat $IPTABLES -N zone_$1_prerouting -t nat [ "$6" == "1" ] && $IPTABLES -t nat -A POSTROUTING -j zone_$1_nat + [ "$7" == "1" ] && $IPTABLES -I FORWARD 1 -j zone_$1_MSSFIX } addif() { @@ -212,10 +213,12 @@ fw_zone() { config_get name $1 name config_get network $1 network config_get masq $1 masq + config_get_bool mtu_fix $1 mtu_fix 0 + load_policy $1 [ -z "$network" ] && network=$name - create_zone "$name" "$network" "$input" "$output" "$forward" "$masq" + create_zone "$name" "$network" "$input" "$output" "$forward" "$masq" "$mtu_fix" fw_custom_chains_zone "$name" } @@ -286,11 +289,9 @@ fw_forwarding() { config_get src $1 src config_get dest $1 dest - config_get_bool mtu_fix $1 mtu_fix 0 [ -n "$src" ] && z_src=zone_${src}_forward || z_src=forward [ -n "$dest" ] && z_dest=zone_${dest}_ACCEPT || z_dest=ACCEPT $IPTABLES -I $z_src 1 -j $z_dest - [ "$mtu_fix" -gt 0 -a -n "$dest" ] && $IPTABLES -I $z_src 1 -j zone_${dest}_MSSFIX } fw_redirect() {