aboutsummaryrefslogtreecommitdiffstats
path: root/package/kernel
diff options
context:
space:
mode:
authorJo-Philipp Wich <jo@mein.io>2017-01-13 18:31:08 +0100
committerJo-Philipp Wich <jo@mein.io>2017-01-13 18:31:36 +0100
commit920170a27fe9a3b66d5a857d70408dbac3720e0f (patch)
treeebb5c7006a0ab4871e5146cc8dc1890f574a70d2 /package/kernel
parent9641ceea0ce68d1c507b9d2bbe7cf8da518a2eb8 (diff)
downloadupstream-920170a27fe9a3b66d5a857d70408dbac3720e0f.tar.gz
upstream-920170a27fe9a3b66d5a857d70408dbac3720e0f.tar.bz2
upstream-920170a27fe9a3b66d5a857d70408dbac3720e0f.zip
firewall: fix forwarding local subnet traffic
Packets which are merely forwarded by the router and which are neither involved in any DNAT/SNAT nor originate locally, are considered INVALID from a conntrack point of view, causing them to get dropped in the zone_*_dest_ACCEPT chains, since those only allow stream with state NEW or UNTRACKED. Remove the ctstate restriction on dest accept chains to properly pass- through unrelated 3rd party traffic. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Diffstat (limited to 'package/kernel')
0 files changed, 0 insertions, 0 deletions