firewall: flush conntrack table after changing interface rules

SVN-Revision: 35348

package/network/config/firewall/Makefile

@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2008-2012 OpenWrt.org
+# Copyright (C) 2008-2013 OpenWrt.org
 #
 # This is free software, licensed under the GNU General Public License v2.
 # See /LICENSE for more information.
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=firewall
 
 PKG_VERSION:=2
-PKG_RELEASE:=56
+PKG_RELEASE:=57
 
 include $(INCLUDE_DIR)/package.mk
 

package/network/config/firewall/files/lib/core_interface.sh

@@ -106,6 +106,9 @@ fw_configure_interface() {
 		fw $action $mode r PREROUTING ${chain}_notrack    $ { -i "$ifname" $inet }
 		fw $action $mode n POSTROUTING ${chain}_nat       $ { -o "$ifname" $onet }
 
+		# Flush conntrack table
+		echo f >/proc/net/nf_conntrack 2>/dev/null
+
 		lock -u /var/run/firewall-interface.lock
 	}