relates connections should be mss clamped too

git-svn-id: svn://svn.openwrt.org/openwrt/trunk/openwrt@1142 3c298f89-4303-0410-b956-a3cf2f4a3e73
author: Oleg I. Vdovikin <oleg@cs.msu.su> 2005-06-05 06:20:09 +0000
committer: Oleg I. Vdovikin <oleg@cs.msu.su> 2005-06-05 06:20:09 +0000
commit: 0f60cc7406d396788fd19c11af70f18f46025d44 (patch)
tree: 9f3c51e822a9c0535456882bc8c9accd3fa185ec /target
parent: e841402a4090680bb740ba6b083acb53370d51d0 (diff)
download: master-187ad058-0f60cc7406d396788fd19c11af70f18f46025d44.tar.gz
master-187ad058-0f60cc7406d396788fd19c11af70f18f46025d44.tar.bz2
master-187ad058-0f60cc7406d396788fd19c11af70f18f46025d44.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/target/default/target_skeleton/etc/init.d/S45firewall b/target/default/target_skeleton/etc/init.d/S45firewall
index 072f411a9f..8f9b9404e5 100755
--- a/target/default/target_skeleton/etc/init.d/S45firewall
+++ b/target/default/target_skeleton/etc/init.d/S45firewall
@@ -63,8 +63,8 @@ iptables -t nat -N postrouting_rule
   # base case
   iptables -P FORWARD DROP 
   iptables -A FORWARD -m state --state INVALID -j DROP
-  iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
   iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
+  iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
 
   # allow
   iptables -A FORWARD -i br0 -o br0 -j ACCEPT
author	Oleg I. Vdovikin <oleg@cs.msu.su>	2005-06-05 06:20:09 +0000
committer	Oleg I. Vdovikin <oleg@cs.msu.su>	2005-06-05 06:20:09 +0000
commit	0f60cc7406d396788fd19c11af70f18f46025d44 (patch)
tree	9f3c51e822a9c0535456882bc8c9accd3fa185ec /target
parent	e841402a4090680bb740ba6b083acb53370d51d0 (diff)
download	master-187ad058-0f60cc7406d396788fd19c11af70f18f46025d44.tar.gz master-187ad058-0f60cc7406d396788fd19c11af70f18f46025d44.tar.bz2 master-187ad058-0f60cc7406d396788fd19c11af70f18f46025d44.zip