mirror
/
gluon-packages
mirror of https://github.com/freifunk-gluon/packages.git
1
0
Fork 0
Code Releases Activity

gluon-firewall: enable conntrack on WAN 

Otherwise, the state match doesn't work, not allowing replies to outgoing
packets to get in.
This commit is contained in:
Matthias Schiffer 2014-06-13 21:56:32 +02:00
parent cbb2beeae9
commit 7004c12983
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
gluon/gluon-firewall/files/lib/gluon/upgrade/firewall/invariant/011-wan-firewall
View File

@ -9,6 +9,7 @@ local c = uci.cursor()
local function reject_input_on_wan(zone)
if zone.name == 'wan' then
c:set('firewall', zone['.name'], 'input', 'REJECT')
c:set('firewall', zone['.name'], 'conntrack', '1')
end
return true