Skipping a defaults section because it contains invalid options can be a
security risk. If the user configures a default policy to DROP or
REJECT, this should always be applied. The user is warned about the
invalid option anyway.
This makes firewall4 behave like firewall3 with regards to defaults.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Reviewed-by: Jo-Philipp Wich <jo@mein.io>
flow_offloading_hw: [ "bool", "0" ]
});
- if (defs === false) {
- this.warn_section(data, "skipped due to invalid options");
- return;
- }
-
if (defs.synflood_protect === null)
defs.synflood_protect = defs.syn_flood;