Doing strict ES won't work for router

Need a different kind of filter to fix 4061. (Not sure if it is even possible as firewall rule since it depends on quagga config rules).
author: Stephen Hemminger <stephen.hemminger@vyatta.com> 2009-03-12 16:53:22 -0700
committer: Stephen Hemminger <stephen.hemminger@vyatta.com> 2009-03-12 16:53:22 -0700
commit: 11a6cc493149f92913634dda3b491079188a334d (patch)
tree: 17243439410d29a192703a675f895712c92e4b39 /scripts/firewall/firewall.init.in
parent: 7981321561add3874ca28f1f59bb170b7e214de2 (diff)
download: vyatta-cfg-firewall-11a6cc493149f92913634dda3b491079188a334d.tar.gz
vyatta-cfg-firewall-11a6cc493149f92913634dda3b491079188a334d.zip
1 files changed, 1 insertions, 2 deletions
diff --git a/scripts/firewall/firewall.init.in b/scripts/firewall/firewall.init.in
index efdc04c..e084fcf 100644
--- a/scripts/firewall/firewall.init.in
+++ b/scripts/firewall/firewall.init.in
@@ -58,8 +58,7 @@ start () {
     iptables -A VYATTA_POST_FW_HOOK -j ACCEPT
 
     # enforce strict host matching (see bug 4061)
-    iptables -A INPUT -m strict -j VYATTA_POST_FW_HOOK
-    iptables -A INPUT -j DROP
+    iptables -A INPUT -j VYATTA_POST_FW_HOOK
 
     iptables -A FORWARD -j VYATTA_POST_FW_HOOK
author	Stephen Hemminger <stephen.hemminger@vyatta.com>	2009-03-12 16:53:22 -0700
committer	Stephen Hemminger <stephen.hemminger@vyatta.com>	2009-03-12 16:53:22 -0700
commit	11a6cc493149f92913634dda3b491079188a334d (patch)
tree	17243439410d29a192703a675f895712c92e4b39 /scripts/firewall/firewall.init.in
parent	7981321561add3874ca28f1f59bb170b7e214de2 (diff)
download	vyatta-cfg-firewall-11a6cc493149f92913634dda3b491079188a334d.tar.gz vyatta-cfg-firewall-11a6cc493149f92913634dda3b491079188a334d.zip