firewall: optimize DNAT rules and skip invalid rules and redirects (#14485)

	- instead of writing one (or more) ACCEPT rules in the filter table
	  for each redirect install a global ctstate DNAT accept rule per zone

	- discard rules and redirects which have invalid options set instead
	  of silently skipping the invalid values

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@38849 3c298f89-4303-0410-b956-a3cf2f4a3e73

diff --git a/package/network/config/firewall/Makefile b/package/network/config/firewall/Makefile
index ac4d16a..cde3aa8 100644 (file)
--- a/package/network/config/firewall/Makefile
+++ b/package/network/config/firewall/Makefile
@@ -8,13 +8,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=firewall
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=firewall

-PKG_VERSION:=2013-10-23
+PKG_VERSION:=2013-11-18

 PKG_RELEASE:=$(PKG_SOURCE_VERSION)
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=git://nbd.name/firewall3.git
 PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
 PKG_RELEASE:=$(PKG_SOURCE_VERSION)
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=git://nbd.name/firewall3.git
 PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)

-PKG_SOURCE_VERSION:=c25922c05ae594c4c35fa65f27fd21c3a033f4ec
+PKG_SOURCE_VERSION:=fa3386a7054aa9541decd68c8cf8de1e0d6f8832

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MAINTAINER:=Jo-Philipp Wich <jow@openwrt.org>
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MAINTAINER:=Jo-Philipp Wich <jow@openwrt.org>