diff options
| author | Felix Fietkau <nbd@openwrt.org> | 2007-02-08 01:25:18 +0000 |
|---|---|---|
| committer | Felix Fietkau <nbd@openwrt.org> | 2007-02-08 01:25:18 +0000 |
| commit | dc4d1dd12a9168cd49db359cde517f5dc181bfe6 (patch) | |
| tree | d46b6bfdff0a783da768660baef6ad0bdb90373e /package | |
| parent | 74f4d3ee6d2cb306a5e8c4aedddb974637af1880 (diff) | |
| download | master-187ad058-dc4d1dd12a9168cd49db359cde517f5dc181bfe6.tar.gz master-187ad058-dc4d1dd12a9168cd49db359cde517f5dc181bfe6.tar.bz2 master-187ad058-dc4d1dd12a9168cd49db359cde517f5dc181bfe6.zip | |
port [6229] to kamikaze
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@6275 3c298f89-4303-0410-b956-a3cf2f4a3e73
Diffstat (limited to 'package')
| -rwxr-xr-x | package/iptables/files/firewall.init | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/package/iptables/files/firewall.init b/package/iptables/files/firewall.init index a4014f3ee7..290bae1eac 100755 --- a/package/iptables/files/firewall.init +++ b/package/iptables/files/firewall.init @@ -22,7 +22,8 @@ start() { iptables -N output_rule iptables -N forwarding_rule iptables -N forwarding_wan - + + iptables -t nat -N NEW iptables -t nat -N prerouting_rule iptables -t nat -N prerouting_wan iptables -t nat -N postrouting_rule @@ -99,11 +100,15 @@ start() { # uses the default -P DROP ### MASQ + iptables -t nat -A PREROUTING -m state --state NEW -j NEW iptables -t nat -A PREROUTING -j prerouting_rule [ -z "$WAN" ] || iptables -t nat -A PREROUTING -i "$WAN" -j prerouting_wan iptables -t nat -A POSTROUTING -j postrouting_rule [ -z "$WAN" ] || iptables -t nat -A POSTROUTING -o $WAN -j MASQUERADE - + + iptables -t nat -A NEW -m limit --limit 50 --limit-burst 100 -j RETURN && \ + iptables -t nat -A NEW -j DROP + ## USER RULES [ -f /etc/firewall.user ] && . /etc/firewall.user [ -n "$WAN" -a -e /etc/config/firewall ] && { |