diff options
author | Stephen Hemminger <stephen.hemminger@vyatta.com> | 2009-03-12 16:53:22 -0700 |
---|---|---|
committer | Stephen Hemminger <stephen.hemminger@vyatta.com> | 2009-03-12 16:53:22 -0700 |
commit | 11a6cc493149f92913634dda3b491079188a334d (patch) | |
tree | 17243439410d29a192703a675f895712c92e4b39 | |
parent | 7981321561add3874ca28f1f59bb170b7e214de2 (diff) | |
download | vyatta-cfg-firewall-11a6cc493149f92913634dda3b491079188a334d.tar.gz vyatta-cfg-firewall-11a6cc493149f92913634dda3b491079188a334d.zip |
Doing strict ES won't work for router
Need a different kind of filter to fix 4061. (Not sure if
it is even possible as firewall rule since it depends on quagga
config rules).
-rw-r--r-- | scripts/firewall/firewall.init.in | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/scripts/firewall/firewall.init.in b/scripts/firewall/firewall.init.in index efdc04c..e084fcf 100644 --- a/scripts/firewall/firewall.init.in +++ b/scripts/firewall/firewall.init.in @@ -58,8 +58,7 @@ start () { iptables -A VYATTA_POST_FW_HOOK -j ACCEPT # enforce strict host matching (see bug 4061) - iptables -A INPUT -m strict -j VYATTA_POST_FW_HOOK - iptables -A INPUT -j DROP + iptables -A INPUT -j VYATTA_POST_FW_HOOK iptables -A FORWARD -j VYATTA_POST_FW_HOOK |