diff options
| author | Nicolas Thill <nico@openwrt.org> | 2009-09-27 13:57:09 +0000 |
|---|---|---|
| committer | Nicolas Thill <nico@openwrt.org> | 2009-09-27 13:57:09 +0000 |
| commit | b3d3e5d75268ed32b940af9331da147eedb53e9a (patch) | |
| tree | 557deb2e49449075236bbe72d9d1547cd19b0ca1 /package/firewall/files | |
| parent | 48d6cee53b7b6eedbeaab467b2cc38f2f593e534 (diff) | |
| download | upstream-b3d3e5d75268ed32b940af9331da147eedb53e9a.tar.gz upstream-b3d3e5d75268ed32b940af9331da147eedb53e9a.tar.bz2 upstream-b3d3e5d75268ed32b940af9331da147eedb53e9a.zip | |
firewall: fix MSS issue affection RELATED new connections (closes: #5173)
SVN-Revision: 17762
Diffstat (limited to 'package/firewall/files')
| -rw-r--r-- | package/firewall/files/firewall.config | 2 | ||||
| -rwxr-xr-x | package/firewall/files/uci_firewall.sh | 6 |
2 files changed, 4 insertions, 4 deletions
diff --git a/package/firewall/files/firewall.config b/package/firewall/files/firewall.config index 5a4b5af436..50a92f71ef 100644 --- a/package/firewall/files/firewall.config +++ b/package/firewall/files/firewall.config @@ -16,11 +16,11 @@ config zone option output ACCEPT option forward REJECT option masq 1 + option mtu_fix 1 config forwarding option src lan option dest wan - option mtu_fix 1 # We need to accept udp packets on port 68, # see https://dev.openwrt.org/ticket/4108 diff --git a/package/firewall/files/uci_firewall.sh b/package/firewall/files/uci_firewall.sh index 3c13631a3b..3aa1f69c46 100755 --- a/package/firewall/files/uci_firewall.sh +++ b/package/firewall/files/uci_firewall.sh @@ -63,6 +63,7 @@ create_zone() { $IPTABLES -N zone_$1_prerouting -t nat $IPTABLES -t raw -N zone_$1_notrack [ "$6" == "1" ] && $IPTABLES -t nat -A POSTROUTING -j zone_$1_nat + [ "$7" == "1" ] && $IPTABLES -I FORWARD 1 -j zone_$1_MSSFIX } addif() { @@ -227,11 +228,12 @@ fw_zone() { config_get network $1 network config_get_bool masq $1 masq "0" config_get_bool conntrack $1 conntrack "0" + config_get_bool mtu_fix $1 mtu_fix 0 load_policy $1 [ "$conntrack" = "1" -o "$masq" = "1" ] && append CONNTRACK_ZONES "$name" [ -z "$network" ] && network=$name - create_zone "$name" "$network" "$input" "$output" "$forward" "$masq" + create_zone "$name" "$network" "$input" "$output" "$forward" "$masq" "$mtu_fix" fw_custom_chains_zone "$name" } @@ -305,11 +307,9 @@ fw_forwarding() { config_get src $1 src config_get dest $1 dest - config_get_bool mtu_fix $1 mtu_fix 0 [ -n "$src" ] && z_src=zone_${src}_forward || z_src=forward [ -n "$dest" ] && z_dest=zone_${dest}_ACCEPT || z_dest=ACCEPT $IPTABLES -I $z_src 1 -j $z_dest - [ "$mtu_fix" -gt 0 -a -n "$dest" ] && $IPTABLES -I $z_src 1 -j zone_${dest}_MSSFIX # propagate masq zone flag find_item "$src" $CONNTRACK_ZONES && append CONNTRACK_ZONES $dest |