Strona główna Odkrywaj Pomoc
Zaloguj się
OpenWrt
/
openwrt
kopia lustrzana https://github.com/openwrt/openwrt.git
2
0
Forkuj 0
Pliki Problemy 0 Wiki
Przeglądaj źródła

firewall: fix MSS issue affection RELATED new connections (closes: #5173)

SVN-Revision: 17762
Nicolas Thill 16 lat temu
rodzic
48d6cee53b
commit
b3d3e5d752
3 zmienionych plików z 5 dodań i 5 usunięć
Widok podzielony Pokaż statystyki zmian
  1. 1 1
      package/firewall/Makefile
  2. 1 1
      package/firewall/files/firewall.config
  3. 3 3
      package/firewall/files/uci_firewall.sh

+ 1 - 1
package/firewall/Makefile
Wyświetl plik 

@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=firewall
 
 
 PKG_VERSION:=1
 
-PKG_RELEASE:=7
 
+PKG_RELEASE:=8
 
 
 include $(INCLUDE_DIR)/package.mk

+ 1 - 1
package/firewall/files/firewall.config
Wyświetl plik 

@@ -16,11 +16,11 @@ config zone
 
 	option output	ACCEPT 
 	option forward	REJECT
 
 	option masq		1 
+	option mtu_fix	1
 
 
 config forwarding 
 	option src      lan
 
 	option dest     wan
 
-	option mtu_fix	1
 
 
 # We need to accept udp packets on port 68,
 
 # see https://dev.openwrt.org/ticket/4108

+ 3 - 3
package/firewall/files/uci_firewall.sh
Wyświetl plik 

@@ -63,6 +63,7 @@ create_zone() {
 
 	$IPTABLES -N zone_$1_prerouting -t nat
 
 	$IPTABLES -t raw -N zone_$1_notrack
 
 	[ "$6" == "1" ] && $IPTABLES -t nat -A POSTROUTING -j zone_$1_nat
 
+	[ "$7" == "1" ] && $IPTABLES -I FORWARD 1 -j zone_$1_MSSFIX
 
 }
 
 
 addif() {
 
@@ -227,11 +228,12 @@ fw_zone() {
 
 	config_get network $1 network
 
 	config_get_bool masq $1 masq "0"
 
 	config_get_bool conntrack $1 conntrack "0"
 
+	config_get_bool mtu_fix $1 mtu_fix 0
 
 
 	load_policy $1
 
 	[ "$conntrack" = "1" -o "$masq" = "1" ] && append CONNTRACK_ZONES "$name"
 
 	[ -z "$network" ] && network=$name
 
-	create_zone "$name" "$network" "$input" "$output" "$forward" "$masq"
 
+	create_zone "$name" "$network" "$input" "$output" "$forward" "$masq" "$mtu_fix"
 
 	fw_custom_chains_zone "$name"
 
 }
 
 
@@ -305,11 +307,9 @@ fw_forwarding() {
 
 
 	config_get src $1 src
 
 	config_get dest $1 dest
 
-	config_get_bool mtu_fix $1 mtu_fix 0
 
 	[ -n "$src" ] && z_src=zone_${src}_forward || z_src=forward
 
 	[ -n "$dest" ] && z_dest=zone_${dest}_ACCEPT || z_dest=ACCEPT
 
 	$IPTABLES -I $z_src 1 -j $z_dest
 
-	[ "$mtu_fix" -gt 0 -a -n "$dest" ] && $IPTABLES -I $z_src 1 -j zone_${dest}_MSSFIX
 
 
 	# propagate masq zone flag
 
 	find_item "$src" $CONNTRACK_ZONES && append CONNTRACK_ZONES $dest