aboutsummaryrefslogtreecommitdiffstats
path: root/package/network/config/firewall
diff options
context:
space:
mode:
Diffstat (limited to 'package/network/config/firewall')
-rw-r--r--package/network/config/firewall/files/firewall.config13
1 files changed, 13 insertions, 0 deletions
diff --git a/package/network/config/firewall/files/firewall.config b/package/network/config/firewall/files/firewall.config
index 8874e9882c..5e22f984ce 100644
--- a/package/network/config/firewall/files/firewall.config
+++ b/package/network/config/firewall/files/firewall.config
@@ -129,6 +129,19 @@ config rule
option proto udp
option target ACCEPT
+# allow interoperability with traceroute classic
+# note that traceroute uses a fixed port range, and depends on getting
+# back ICMP Unreachables. if we're operating in DROP mode, it won't
+# work so we explicitly REJECT packets on these ports.
+config rule
+ option name Support-UDP-Traceroute
+ option src wan
+ option dest_port 33434:33689
+ option proto udp
+ option family ipv4
+ option target REJECT
+ option enabled false
+
# include a file with users custom iptables rules
config include
option path /etc/firewall.user