[source] firewall: fix forwarding local subnet traffic
LEDE Commits
lede-commits at lists.infradead.org
Fri Jan 13 09:31:42 PST 2017
jow pushed a commit to source.git, branch master:
https://git.lede-project.org/920170a27fe9a3b66d5a857d70408dbac3720e0f
commit 920170a27fe9a3b66d5a857d70408dbac3720e0f
Author: Jo-Philipp Wich <jo at mein.io>
AuthorDate: Fri Jan 13 18:31:08 2017 +0100
firewall: fix forwarding local subnet traffic
Packets which are merely forwarded by the router and which are neither
involved in any DNAT/SNAT nor originate locally, are considered INVALID
from a conntrack point of view, causing them to get dropped in the
zone_*_dest_ACCEPT chains, since those only allow stream with state NEW
or UNTRACKED.
Remove the ctstate restriction on dest accept chains to properly pass-
through unrelated 3rd party traffic.
Signed-off-by: Jo-Philipp Wich <jo at mein.io>
---
package/network/config/firewall/Makefile | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/package/network/config/firewall/Makefile b/package/network/config/firewall/Makefile
index ee31d17..0d57340 100644
--- a/package/network/config/firewall/Makefile
+++ b/package/network/config/firewall/Makefile
@@ -13,9 +13,9 @@ PKG_RELEASE:=1
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL=$(LEDE_GIT)/project/firewall3.git
-PKG_SOURCE_DATE:=2016-11-29
-PKG_SOURCE_VERSION:=13698aafb52c45817ee7815da3405e620657c8d0
-PKG_MIRROR_HASH:=6ba6e96a588dd3afd7e9db7e9246c5cc6c560aa95385592960c6b71b5a9c6395
+PKG_SOURCE_DATE:=2017-01-13
+PKG_SOURCE_VERSION:=37cb4cb437fd685f31926a4c326ba8afe329e4a6
+PKG_MIRROR_HASH:=7ee075f05977e5d9a78e661b537e6eb077c8f328ff2e71d1e2fbef44cca97355
PKG_MAINTAINER:=Jo-Philipp Wich <jo at mein.io>
PKG_LICENSE:=ISC
More information about the lede-commits
mailing list