[source] firewall: fix forwarding local subnet traffic

LEDE Commits lede-commits at lists.infradead.org
Fri Jan 13 09:31:42 PST 2017


jow pushed a commit to source.git, branch master:
https://git.lede-project.org/920170a27fe9a3b66d5a857d70408dbac3720e0f

commit 920170a27fe9a3b66d5a857d70408dbac3720e0f
Author: Jo-Philipp Wich <jo at mein.io>
AuthorDate: Fri Jan 13 18:31:08 2017 +0100

    firewall: fix forwarding local subnet traffic
    
    Packets which are merely forwarded by the router and which are neither
    involved in any DNAT/SNAT nor originate locally, are considered INVALID
    from a conntrack point of view, causing them to get dropped in the
    zone_*_dest_ACCEPT chains, since those only allow stream with state NEW
    or UNTRACKED.
    
    Remove the ctstate restriction on dest accept chains to properly pass-
    through unrelated 3rd party traffic.
    
    Signed-off-by: Jo-Philipp Wich <jo at mein.io>
---
 package/network/config/firewall/Makefile | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/package/network/config/firewall/Makefile b/package/network/config/firewall/Makefile
index ee31d17..0d57340 100644
--- a/package/network/config/firewall/Makefile
+++ b/package/network/config/firewall/Makefile
@@ -13,9 +13,9 @@ PKG_RELEASE:=1
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL=$(LEDE_GIT)/project/firewall3.git
-PKG_SOURCE_DATE:=2016-11-29
-PKG_SOURCE_VERSION:=13698aafb52c45817ee7815da3405e620657c8d0
-PKG_MIRROR_HASH:=6ba6e96a588dd3afd7e9db7e9246c5cc6c560aa95385592960c6b71b5a9c6395
+PKG_SOURCE_DATE:=2017-01-13
+PKG_SOURCE_VERSION:=37cb4cb437fd685f31926a4c326ba8afe329e4a6
+PKG_MIRROR_HASH:=7ee075f05977e5d9a78e661b537e6eb077c8f328ff2e71d1e2fbef44cca97355
 PKG_MAINTAINER:=Jo-Philipp Wich <jo at mein.io>
 PKG_LICENSE:=ISC
 



More information about the lede-commits mailing list