aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorNicolas Thill <nico@openwrt.org>2009-09-27 13:57:09 +0000
committerNicolas Thill <nico@openwrt.org>2009-09-27 13:57:09 +0000
commitb3d3e5d75268ed32b940af9331da147eedb53e9a (patch)
tree557deb2e49449075236bbe72d9d1547cd19b0ca1
parent48d6cee53b7b6eedbeaab467b2cc38f2f593e534 (diff)
downloadupstream-b3d3e5d75268ed32b940af9331da147eedb53e9a.tar.gz
upstream-b3d3e5d75268ed32b940af9331da147eedb53e9a.tar.bz2
upstream-b3d3e5d75268ed32b940af9331da147eedb53e9a.zip
firewall: fix MSS issue affection RELATED new connections (closes: #5173)
SVN-Revision: 17762
-rw-r--r--package/firewall/Makefile2
-rw-r--r--package/firewall/files/firewall.config2
-rwxr-xr-xpackage/firewall/files/uci_firewall.sh6
3 files changed, 5 insertions, 5 deletions
diff --git a/package/firewall/Makefile b/package/firewall/Makefile
index 2e236fe719..fbbe056c03 100644
--- a/package/firewall/Makefile
+++ b/package/firewall/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=firewall
PKG_VERSION:=1
-PKG_RELEASE:=7
+PKG_RELEASE:=8
include $(INCLUDE_DIR)/package.mk
diff --git a/package/firewall/files/firewall.config b/package/firewall/files/firewall.config
index 5a4b5af436..50a92f71ef 100644
--- a/package/firewall/files/firewall.config
+++ b/package/firewall/files/firewall.config
@@ -16,11 +16,11 @@ config zone
option output ACCEPT
option forward REJECT
option masq 1
+ option mtu_fix 1
config forwarding
option src lan
option dest wan
- option mtu_fix 1
# We need to accept udp packets on port 68,
# see https://dev.openwrt.org/ticket/4108
diff --git a/package/firewall/files/uci_firewall.sh b/package/firewall/files/uci_firewall.sh
index 3c13631a3b..3aa1f69c46 100755
--- a/package/firewall/files/uci_firewall.sh
+++ b/package/firewall/files/uci_firewall.sh
@@ -63,6 +63,7 @@ create_zone() {
$IPTABLES -N zone_$1_prerouting -t nat
$IPTABLES -t raw -N zone_$1_notrack
[ "$6" == "1" ] && $IPTABLES -t nat -A POSTROUTING -j zone_$1_nat
+ [ "$7" == "1" ] && $IPTABLES -I FORWARD 1 -j zone_$1_MSSFIX
}
addif() {
@@ -227,11 +228,12 @@ fw_zone() {
config_get network $1 network
config_get_bool masq $1 masq "0"
config_get_bool conntrack $1 conntrack "0"
+ config_get_bool mtu_fix $1 mtu_fix 0
load_policy $1
[ "$conntrack" = "1" -o "$masq" = "1" ] && append CONNTRACK_ZONES "$name"
[ -z "$network" ] && network=$name
- create_zone "$name" "$network" "$input" "$output" "$forward" "$masq"
+ create_zone "$name" "$network" "$input" "$output" "$forward" "$masq" "$mtu_fix"
fw_custom_chains_zone "$name"
}
@@ -305,11 +307,9 @@ fw_forwarding() {
config_get src $1 src
config_get dest $1 dest
- config_get_bool mtu_fix $1 mtu_fix 0
[ -n "$src" ] && z_src=zone_${src}_forward || z_src=forward
[ -n "$dest" ] && z_dest=zone_${dest}_ACCEPT || z_dest=ACCEPT
$IPTABLES -I $z_src 1 -j $z_dest
- [ "$mtu_fix" -gt 0 -a -n "$dest" ] && $IPTABLES -I $z_src 1 -j zone_${dest}_MSSFIX
# propagate masq zone flag
find_item "$src" $CONNTRACK_ZONES && append CONNTRACK_ZONES $dest