defaults: emit ctstate INVALID drop rules by default
author Jo-Philipp Wich <jow@openwrt.org>
Fri, 29 Jan 2016 17:22:34 +0000 (18:22 +0100)
committer Jo-Philipp Wich <jow@openwrt.org>
Fri, 29 Jan 2016 17:22:38 +0000 (18:22 +0100)
Enable the creation of state invalid catch rules by default to prevent
unnatted traffic from leaking onto the wan.

Fixes OpenWrt ticket #21738.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
defaults.c

index 4936b38..e246949 100644 (file)
@@ -93,6 +93,7 @@ fw3_load_defaults(struct fw3_state *state, struct uci_package *p)
        defs->tcp_syncookies       = true;
        defs->tcp_window_scaling   = true;
        defs->custom_chains        = true;
+       defs->drop_invalid         = true;
 
        uci_foreach_element(&p->sections, e)
        {
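Review bot: The flipped default is only set in the C side of fw3_load_defaults (the `defs->drop_invalid = true;` line), so every installation whose defaults section never mentions `drop_invalid` silently changes behaviour after upgrade; the hunk ships no matching change to the default config or to the option documentation, and the commit message only says why the change is made. Because the assignment happens before `uci_foreach_element(&p->sections, e)` walks the config, an explicit `option drop_invalid 0` still overrides it, which is correct, but that opt-out and the new default should be stated in the option reference and release notes so users who rely on INVALID-state packets being forwarded know what to set.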