authorGaurav Sinha <gaurav.sinha@vyatta.com>2012-06-22 15:00:41 -0700
committerGaurav Sinha <gaurav.sinha@vyatta.com>2012-06-22 15:20:28 -0700
commitb1e3bbe3faf4ec2c5df079ec36964e46e8254041 (patch)
tree5ca1576c36b75ed77e4ac6f5bf276a5c921e9a97
parent5ffdcdf9fd77a415381c481e4641a620edd26449 (diff)
fixing 8173: moving CT_HELPER chain just before CTTIMEOUT
(cherry picked from commit faacba00db46c29fc652217653f9fe0564c1ebac)
-rwxr-xr-xlib/Vyatta/IpTables/Mgr.pm4
1 files changed, 3 insertions, 1 deletions
diff --git a/lib/Vyatta/IpTables/Mgr.pm b/lib/Vyatta/IpTables/Mgr.pm
index 19c3c29..6723bc3 100755
--- a/lib/Vyatta/IpTables/Mgr.pm
+++ b/lib/Vyatta/IpTables/Mgr.pm
@@ -230,7 +230,9 @@ sub ipt_enable_conntrack {
# this index does not change now but maybe later we change it, so being defensive.
my $cttimeout_index = ipt_find_chain_rule($iptables_cmd, 'raw', $label, "VYATTA_CT_TIMEOUT");
if (defined($cttimeout_index)) {
- $cttimeout_index++;
+ # $cttimeout_index++; fixing 8173
+ # currently we have cttimeout at 1 index, it might change in future.
+ # helper chain should be before timeout chain
system("sudo $iptables_cmd -t raw -I $label $cttimeout_index -j VYATTA_CT_HELPER");
}
}
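Review bot: The `system(...)` call that inserts the `VYATTA_CT_HELPER` jump ignores its exit status, so a failed insert passes silently and the raw table is left without the helper chain this fix is meant to place ahead of `VYATTA_CT_TIMEOUT`. The command is also built as one interpolated string and therefore goes through the shell. Assuming `$iptables_cmd` is a single command name, the list form with a status check avoids both: `system('sudo', $iptables_cmd, '-t', 'raw', '-I', $label, $cttimeout_index, '-j', 'VYATTA_CT_HELPER') == 0 or warn "inserting VYATTA_CT_HELPER failed: $?";`. The commented-out `# $cttimeout_index++; fixing 8173` would be better deleted, leaving one comment such as `# insert at the timeout rule's own index so the helper chain is evaluated first (bug 8173)`. The body of `ipt_enable_conntrack` starts outside this hunk, so whether the case where `$cttimeout_index` is undefined is handled elsewhere cannot be seen from here.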