firewall: Flush SYN_FLOOD_PROTECTION

This chain was not flushed when the firewall was being reloaded which
made any ports appear as open when rules have been disabled or deleted.

This has no security implications, but nevertheless isn't right.

Reported-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer
2024-10-07 09:13:12 +00:00
parent 0e49a87ff0
commit d455578342


@@ -221,6 +221,7 @@ sub flush {
run("$IPTABLES -t nat -F $CHAIN_NAT_SOURCE");
run("$IPTABLES -t nat -F $CHAIN_NAT_DESTINATION");
run("$IPTABLES -t mangle -F $CHAIN_MANGLE_NAT_DESTINATION_FIX");
run("$IPTABLES -t raw -F SYN_FLOOD_PROTECT");
}
sub buildrules {
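Review bot: The chain name in the new `-t raw -F SYN_FLOOD_PROTECT` line of `flush` is a hardcoded literal, while the three flushes above it all use variables (`$CHAIN_NAT_SOURCE`, `$CHAIN_NAT_DESTINATION`, `$CHAIN_MANGLE_NAT_DESTINATION_FIX`). Consider adding a matching variable so the name is defined in one place and reused wherever the chain is populated. The commit subject says SYN_FLOOD_PROTECTION but the code flushes SYN_FLOOD_PROTECT. Please check which is the chain name actually used in the raw table and make the subject and the code agree, since a mismatched name would leave the stale rules in place.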