author | Stephen Hemminger <stephen.hemminger@vyatta.com> | 2010-09-07 08:21:00 -0700 |
---|---|---|
committer | Stephen Hemminger <stephen.hemminger@vyatta.com> | 2010-09-07 08:21:00 -0700 |
commit | 63594ba4012647588e187ba0b8e4b67c48b4771f (patch) | |
tree | be2e0adc18f7c1c14c099a538817baf5aa601e09 | |
parent | bcd988b5bfaaca5cb97f76268d7ded8a49f8f7b9 (diff) | |
parent | 209eb4c4a99832a4524ae375d8271354e3fbf719 (diff) | |
download | vyatta-cfg-firewall-63594ba4012647588e187ba0b8e4b67c48b4771f.tar.gz vyatta-cfg-firewall-63594ba4012647588e187ba0b8e4b67c48b4771f.zip |
Merge branch 'mendocino' of suva.vyatta.com:/git/vyatta-cfg-firewall into mendocino
-rw-r--r-- | debian/changelog | 12 | ||||
-rwxr-xr-x | lib/Vyatta/IpTables/Mgr.pm | 4 | ||||
-rw-r--r-- | scripts/firewall/firewall.init.in | 24 |
3 files changed, 26 insertions, 14 deletions
diff --git a/debian/changelog b/debian/changelog
index f40db8c..69d8ac2 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,15 @@
+vyatta-cfg-firewall (0.13.14) unstable; urgency=low
+
+ * UNRELEASED
+
+ -- An-Cheng Huang <ancheng@vyatta.com> Thu, 02 Sep 2010 18:28:11 -0700
+
+vyatta-cfg-firewall (0.13.13) unstable; urgency=low
+
+ * Fix 6125: iptables errors on boot up of mendocino
+
+ -- Stig Thormodsrud <stig@vyatta.com> Tue, 31 Aug 2010 16:09:26 -0700
+
 vyatta-cfg-firewall (0.13.12) unstable; urgency=low
 * remove low-level config dir usage
diff --git a/lib/Vyatta/IpTables/Mgr.pm b/lib/Vyatta/IpTables/Mgr.pm
index 79b842f..9247a44 100755
--- a/lib/Vyatta/IpTables/Mgr.pm
+++ b/lib/Vyatta/IpTables/Mgr.pm
@@ -52,8 +52,8 @@ sub ipt_find_chain_rule {
 }
 my %conntrack_hook_hash =
- ('PREROUTING' => 'VYATTA_PRE_CT_PREROUTING_HOOK',
- 'OUTPUT' => 'VYATTA_PRE_CT_OUTPUT_HOOK',
+ ('PREROUTING' => 'VYATTA_CT_PREROUTING_HOOK',
+ 'OUTPUT' => 'VYATTA_CT_OUTPUT_HOOK',
 );
 sub ipt_enable_conntrack {
diff --git a/scripts/firewall/firewall.init.in b/scripts/firewall/firewall.init.in
index 040078b..5228c66 100644
--- a/scripts/firewall/firewall.init.in
+++ b/scripts/firewall/firewall.init.in
@@ -51,24 +51,24 @@ start () {
 # set up notrack chains/rules for IPv4
 # by default, nothing is tracked.
- iptables -t raw -N VYATTA_PRE_CT_PREROUTING_HOOK
- iptables -t raw -A VYATTA_PRE_CT_PREROUTING_HOOK -j RETURN
- iptables -t raw -A PREROUTING -j VYATTA_PRE_CT_PREROUTING_HOOK
+ iptables -t raw -N VYATTA_CT_PREROUTING_HOOK
+ iptables -t raw -A VYATTA_CT_PREROUTING_HOOK -j RETURN
+ iptables -t raw -A PREROUTING -j VYATTA_CT_PREROUTING_HOOK
 iptables -t raw -A PREROUTING -j NOTRACK
- iptables -t raw -N VYATTA_PRE_CT_OUTPUT_HOOK
- iptables -t raw -A VYATTA_PRE_CT_OUTPUT_HOOK -j RETURN
- iptables -t raw -A OUTPUT -j VYATTA_PRE_CT_OUTPUT_HOOK
+ iptables -t raw -N VYATTA_CT_OUTPUT_HOOK
+ iptables -t raw -A VYATTA_CT_OUTPUT_HOOK -j RETURN
+ iptables -t raw -A OUTPUT -j VYATTA_CT_OUTPUT_HOOK
 iptables -t raw -A OUTPUT -j NOTRACK
 if [ -d /proc/sys/net/ipv6 ] ; then
 # set up notrack chains/rules for IPv6
- ip6tables -t raw -N VYATTA_PRE_CT_PREROUTING_HOOK
- ip6tables -t raw -A VYATTA_PRE_CT_PREROUTING_HOOK -j RETURN
- ip6tables -t raw -A PREROUTING -j VYATTA_PRE_CT_PREROUTING_HOOK
+ ip6tables -t raw -N VYATTA_CT_PREROUTING_HOOK
+ ip6tables -t raw -A VYATTA_CT_PREROUTING_HOOK -j RETURN
+ ip6tables -t raw -A PREROUTING -j VYATTA_CT_PREROUTING_HOOK
 ip6tables -t raw -A PREROUTING -j NOTRACK
- ip6tables -t raw -N VYATTA_PRE_CT_OUTPUT_HOOK
- ip6tables -t raw -A VYATTA_PRE_CT_OUTPUT_HOOK -j RETURN
- ip6tables -t raw -A OUTPUT -j VYATTA_PRE_CT_OUTPUT_HOOK
+ ip6tables -t raw -N VYATTA_CT_OUTPUT_HOOK
+ ip6tables -t raw -A VYATTA_CT_OUTPUT_HOOK -j RETURN
+ ip6tables -t raw -A OUTPUT -j VYATTA_CT_OUTPUT_HOOK
 ip6tables -t raw -A OUTPUT -j NOTRACK
 # set up post-firewall hook for IPv6 |
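Review bot: The chain names created here are a contract with `%conntrack_hook_hash` in lib/Vyatta/IpTables/Mgr.pm, and nothing in either file records that; the same literal is repeated in the Perl hash and in both the iptables and ip6tables blocks. If the two sides drift, the hook chain would presumably stay a bare RETURN and every packet would fall through to the `-j NOTRACK` rule that follows it, so stateful firewall rules would silently stop matching. I would add a comment above the IPv4 block, `# chain names must match %conntrack_hook_hash in lib/Vyatta/IpTables/Mgr.pm`, and ideally hold the two names in shell variables so they are written once. It is also worth confirming how an upgraded, still-running system that only has the old VYATTA_PRE_CT_* chains behaves until this script runs again; start() and ipt_enable_conntrack both continue outside the hunks shown.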