hurricos/openwrt-mirror
1
0
Fork 0
mirror of git://git.openwrt.org/openwrt/openwrt.git synced 2025-11-03 22:44:27 -05:00
Code Issues Projects Releases Wiki Activity

firewall: fix MSS issue affection RELATED new connections (closes: #5173)

Browse Source 
SVN-Revision: 17762
This commit is contained in:
Nicolas Thill 2009-09-27 13:57:09 +00:00
parent 48d6cee53b
commit b3d3e5d752
3 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
package/firewall/Makefile
View File

@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=firewall PKG_NAME:=firewall
PKG_VERSION:=1 PKG_VERSION:=1
PKG_RELEASE:=7 PKG_RELEASE:=8
include $(INCLUDE_DIR)/package.mk include $(INCLUDE_DIR)/package.mk

2
package/firewall/files/firewall.config
View File

@ -16,11 +16,11 @@ config zone
option output ACCEPT option output ACCEPT
option forward REJECT option forward REJECT
option masq 1 option masq 1
option mtu_fix 1
config forwarding config forwarding
option src lan option src lan
option dest wan option dest wan
option mtu_fix 1
# We need to accept udp packets on port 68, # We need to accept udp packets on port 68,
# see https://dev.openwrt.org/ticket/4108 # see https://dev.openwrt.org/ticket/4108

6
package/firewall/files/uci_firewall.sh
View File

@ -63,6 +63,7 @@ create_zone() {
$IPTABLES -N zone_$1_prerouting -t nat $IPTABLES -N zone_$1_prerouting -t nat
$IPTABLES -t raw -N zone_$1_notrack $IPTABLES -t raw -N zone_$1_notrack
[ "$6" == "1" ] && $IPTABLES -t nat -A POSTROUTING -j zone_$1_nat [ "$6" == "1" ] && $IPTABLES -t nat -A POSTROUTING -j zone_$1_nat
[ "$7" == "1" ] && $IPTABLES -I FORWARD 1 -j zone_$1_MSSFIX
} }
addif() { addif() {
@ -227,11 +228,12 @@ fw_zone() {
config_get network $1 network config_get network $1 network
config_get_bool masq $1 masq "0" config_get_bool masq $1 masq "0"
config_get_bool conntrack $1 conntrack "0" config_get_bool conntrack $1 conntrack "0"
config_get_bool mtu_fix $1 mtu_fix 0
load_policy $1 load_policy $1
[ "$conntrack" = "1" -o "$masq" = "1" ] && append CONNTRACK_ZONES "$name" [ "$conntrack" = "1" -o "$masq" = "1" ] && append CONNTRACK_ZONES "$name"
[ -z "$network" ] && network=$name [ -z "$network" ] && network=$name
create_zone "$name" "$network" "$input" "$output" "$forward" "$masq" create_zone "$name" "$network" "$input" "$output" "$forward" "$masq" "$mtu_fix"
fw_custom_chains_zone "$name" fw_custom_chains_zone "$name"
} }
@ -305,11 +307,9 @@ fw_forwarding() {
config_get src $1 src config_get src $1 src
config_get dest $1 dest config_get dest $1 dest
config_get_bool mtu_fix $1 mtu_fix 0
[ -n "$src" ] && z_src=zone_${src}_forward || z_src=forward [ -n "$src" ] && z_src=zone_${src}_forward || z_src=forward
[ -n "$dest" ] && z_dest=zone_${dest}_ACCEPT || z_dest=ACCEPT [ -n "$dest" ] && z_dest=zone_${dest}_ACCEPT || z_dest=ACCEPT
$IPTABLES -I $z_src 1 -j $z_dest $IPTABLES -I $z_src 1 -j $z_dest
[ "$mtu_fix" -gt 0 -a -n "$dest" ] && $IPTABLES -I $z_src 1 -j zone_${dest}_MSSFIX
# propagate masq zone flag # propagate masq zone flag
find_item "$src" $CONNTRACK_ZONES && append CONNTRACK_ZONES $dest find_item "$src" $CONNTRACK_ZONES && append CONNTRACK_ZONES $dest