Changeset 17762


Ignore:
Timestamp:
2009-09-27T15:57:09+02:00 (7 years ago)
Author:
nico
Message:

[package] firewall: fix MSS issue affection RELATED new connections (closes: #5173)

Files:
6 edited

Legend:

Unmodified
Added
Removed
  • branches/8.09/package/firewall/Makefile

    r17583 r17762  
    1010 
    1111PKG_VERSION:=1 
    12 PKG_RELEASE:=1.3 
     12PKG_RELEASE:=1.4 
    1313 
    1414include $(INCLUDE_DIR)/package.mk 
  • branches/8.09/package/firewall/files/firewall.config

    r17239 r17762  
    1717        option forward  REJECT 
    1818        option masq             1  
     19        option mtu_fix  1 
    1920 
    2021config forwarding  
    2122        option src      lan 
    2223        option dest     wan 
    23         option mtu_fix  1 
    2424 
    2525# We need to accept udp packets on port 68, 
  • branches/8.09/package/firewall/files/uci_firewall.sh

    r17757 r17762  
    5353        $IPTABLES -N zone_$1_prerouting -t nat 
    5454        [ "$6" == "1" ] && $IPTABLES -t nat -A POSTROUTING -j zone_$1_nat 
     55        [ "$7" == "1" ] && $IPTABLES -I FORWARD 1 -j zone_$1_MSSFIX 
    5556} 
    5657 
     
    213214        config_get network $1 network 
    214215        config_get masq $1 masq 
     216        config_get_bool mtu_fix $1 mtu_fix 0 
     217 
    215218        load_policy $1 
    216219 
    217220        [ -z "$network" ] && network=$name 
    218         create_zone "$name" "$network" "$input" "$output" "$forward" "$masq" 
     221        create_zone "$name" "$network" "$input" "$output" "$forward" "$masq" "$mtu_fix" 
    219222        fw_custom_chains_zone "$name" 
    220223} 
     
    287290        config_get src $1 src 
    288291        config_get dest $1 dest 
    289         config_get_bool mtu_fix $1 mtu_fix 0 
    290292        [ -n "$src" ] && z_src=zone_${src}_forward || z_src=forward 
    291293        [ -n "$dest" ] && z_dest=zone_${dest}_ACCEPT || z_dest=ACCEPT 
    292294        $IPTABLES -I $z_src 1 -j $z_dest 
    293         [ "$mtu_fix" -gt 0 -a -n "$dest" ] && $IPTABLES -I $z_src 1 -j zone_${dest}_MSSFIX 
    294295} 
    295296 
  • trunk/package/firewall/Makefile

    r17580 r17762  
    1010 
    1111PKG_VERSION:=1 
    12 PKG_RELEASE:=7 
     12PKG_RELEASE:=8 
    1313 
    1414include $(INCLUDE_DIR)/package.mk 
  • trunk/package/firewall/files/firewall.config

    r17238 r17762  
    1717        option forward  REJECT 
    1818        option masq             1  
     19        option mtu_fix  1 
    1920 
    2021config forwarding  
    2122        option src      lan 
    2223        option dest     wan 
    23         option mtu_fix  1 
    2424 
    2525# We need to accept udp packets on port 68, 
  • trunk/package/firewall/files/uci_firewall.sh

    r17713 r17762  
    6464        $IPTABLES -t raw -N zone_$1_notrack 
    6565        [ "$6" == "1" ] && $IPTABLES -t nat -A POSTROUTING -j zone_$1_nat 
     66        [ "$7" == "1" ] && $IPTABLES -I FORWARD 1 -j zone_$1_MSSFIX 
    6667} 
    6768 
     
    228229        config_get_bool masq $1 masq "0" 
    229230        config_get_bool conntrack $1 conntrack "0" 
     231        config_get_bool mtu_fix $1 mtu_fix 0 
    230232 
    231233        load_policy $1 
    232234        [ "$conntrack" = "1" -o "$masq" = "1" ] && append CONNTRACK_ZONES "$name" 
    233235        [ -z "$network" ] && network=$name 
    234         create_zone "$name" "$network" "$input" "$output" "$forward" "$masq" 
     236        create_zone "$name" "$network" "$input" "$output" "$forward" "$masq" "$mtu_fix" 
    235237        fw_custom_chains_zone "$name" 
    236238} 
     
    306308        config_get src $1 src 
    307309        config_get dest $1 dest 
    308         config_get_bool mtu_fix $1 mtu_fix 0 
    309310        [ -n "$src" ] && z_src=zone_${src}_forward || z_src=forward 
    310311        [ -n "$dest" ] && z_dest=zone_${dest}_ACCEPT || z_dest=ACCEPT 
    311312        $IPTABLES -I $z_src 1 -j $z_dest 
    312         [ "$mtu_fix" -gt 0 -a -n "$dest" ] && $IPTABLES -I $z_src 1 -j zone_${dest}_MSSFIX 
    313313 
    314314        # propagate masq zone flag 
Note: See TracChangeset for help on using the changeset viewer.