webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-13 12:32:59 +02:00
Code Issues Packages Projects Releases Wiki Activity

firewall: Accept related ICMP packets again

Browse Source 
This rule is required to forward ICMP error messages for
aborted TCP connections and the like.
This commit is contained in:
Michael Tremer
2015-05-11 13:00:34 +02:00
parent a235f22952
commit 0f5350608e
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
src/initscripts/init.d/firewall
View File

@@ -90,6 +90,7 @@ iptables_init() {
iptables -N CONNTRACK
iptables -A CONNTRACK -m conntrack --ctstate ESTABLISHED -j ACCEPT
iptables -A CONNTRACK -m conntrack --ctstate INVALID -j DROP
iptables -A CONNTRACK -p icmp -m conntrack --ctstate RELATED -j ACCEPT
iptables -t raw -N CONNTRACK
iptables -t raw -A PREROUTING -j CONNTRACK