From 8957be6c026858fe414aef69281d8aa06f7ea122 Mon Sep 17 00:00:00 2001
From: Jo-Philipp Wich
Date: Fri, 29 Jan 2016 18:22:34 +0100
Subject: [PATCH] defaults: emit ctstate INVALID drop rules by default

Enable the creation of state invalid catch rules by default to prevent unnatted traffic from leaking onto the wan.

Fixes OpenWrt ticket #21738.

Signed-off-by: Jo-Philipp Wich
---
 defaults.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/defaults.c b/defaults.c
index 4936b38..e246949 100644
--- a/defaults.c
+++ b/defaults.c
@@ -93,6 +93,7 @@ fw3_load_defaults(struct fw3_state *state, struct uci_package *p)
 defs->tcp_syncookies = true;
 defs->tcp_window_scaling = true;
 defs->custom_chains = true;
+ defs->drop_invalid = true;

 uci_foreach_element(&p->sections, e)
 {
-- 
2.11.0
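Review bot: The added `defs->drop_invalid = true;` changes the behaviour of every existing configuration that does not set the option explicitly, and nothing in the code records why the default is now on. A short comment above the line would carry the reasoning from the commit message into the source, e.g. `/* drop ctstate INVALID by default so un-NATed packets cannot leak onto wan */`. Conntrack can also classify legitimate packets as INVALID on asymmetric or multi-path routes, so it is worth confirming that the option parsing in the `uci_foreach_element` loop that follows (not visible in this hunk) still lets `option drop_invalid 0` override the default, and mentioning the new default in the upgrade notes. The body of fw3_load_defaults starts and ends outside the hunk.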