summaryrefslogtreecommitdiffstats
path: root/package/iptables
diff options
context:
space:
mode:
authorFelix Fietkau <nbd@openwrt.org>2007-02-08 01:25:18 +0000
committerFelix Fietkau <nbd@openwrt.org>2007-02-08 01:25:18 +0000
commit8e88bb54ba6a806865059ee47c13acb581c05dfb (patch)
treec54ea07311c8696d8c9887e1f585b483d43b0f8a /package/iptables
parent271a77fa90581ca4031833a0e73db72f18ef8660 (diff)
downloadmaster-31e0f0ae-8e88bb54ba6a806865059ee47c13acb581c05dfb.tar.gz
master-31e0f0ae-8e88bb54ba6a806865059ee47c13acb581c05dfb.tar.bz2
master-31e0f0ae-8e88bb54ba6a806865059ee47c13acb581c05dfb.zip
port [6229] to kamikaze
SVN-Revision: 6275
Diffstat (limited to 'package/iptables')
-rwxr-xr-xpackage/iptables/files/firewall.init9
1 files changed, 7 insertions, 2 deletions
diff --git a/package/iptables/files/firewall.init b/package/iptables/files/firewall.init
index a4014f3ee7..290bae1eac 100755
--- a/package/iptables/files/firewall.init
+++ b/package/iptables/files/firewall.init
@@ -22,7 +22,8 @@ start() {
iptables -N output_rule
iptables -N forwarding_rule
iptables -N forwarding_wan
-
+
+ iptables -t nat -N NEW
iptables -t nat -N prerouting_rule
iptables -t nat -N prerouting_wan
iptables -t nat -N postrouting_rule
@@ -99,11 +100,15 @@ start() {
# uses the default -P DROP
### MASQ
+ iptables -t nat -A PREROUTING -m state --state NEW -j NEW
iptables -t nat -A PREROUTING -j prerouting_rule
[ -z "$WAN" ] || iptables -t nat -A PREROUTING -i "$WAN" -j prerouting_wan
iptables -t nat -A POSTROUTING -j postrouting_rule
[ -z "$WAN" ] || iptables -t nat -A POSTROUTING -o $WAN -j MASQUERADE
-
+
+ iptables -t nat -A NEW -m limit --limit 50 --limit-burst 100 -j RETURN && \
+ iptables -t nat -A NEW -j DROP
+
## USER RULES
[ -f /etc/firewall.user ] && . /etc/firewall.user
[ -n "$WAN" -a -e /etc/config/firewall ] && {