author | Stig Thormodsrud <stig@vyatta.com> | 2010-06-10 15:00:51 -0700 |
---|---|---|
committer | Stig Thormodsrud <stig@vyatta.com> | 2010-06-10 15:00:51 -0700 |
commit | 4d6d91dc02492043d31304179038e394227f36d9 (patch) | |
tree | 7063239fca7de5d9aa5480240f44c686c1e80638 /scripts/firewall/firewall.init.in | |
parent | af5dd4743f19fc979ebdea361f7759f12cb61b0f (diff) | |
download | vyatta-cfg-firewall-4d6d91dc02492043d31304179038e394227f36d9.tar.gz vyatta-cfg-firewall-4d6d91dc02492043d31304179038e394227f36d9.zip |
Infrastructure needed for bug 5583.
Diffstat (limited to 'scripts/firewall/firewall.init.in')
-rw-r--r-- | scripts/firewall/firewall.init.in | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/scripts/firewall/firewall.init.in b/scripts/firewall/firewall.init.in
index 22f48fd..040078b 100644
--- a/scripts/firewall/firewall.init.in
+++ b/scripts/firewall/firewall.init.in
@@ -51,13 +51,25 @@ start () {
 # set up notrack chains/rules for IPv4
 # by default, nothing is tracked.
+ iptables -t raw -N VYATTA_PRE_CT_PREROUTING_HOOK
+ iptables -t raw -A VYATTA_PRE_CT_PREROUTING_HOOK -j RETURN
+ iptables -t raw -A PREROUTING -j VYATTA_PRE_CT_PREROUTING_HOOK
 iptables -t raw -A PREROUTING -j NOTRACK
+ iptables -t raw -N VYATTA_PRE_CT_OUTPUT_HOOK
+ iptables -t raw -A VYATTA_PRE_CT_OUTPUT_HOOK -j RETURN
+ iptables -t raw -A OUTPUT -j VYATTA_PRE_CT_OUTPUT_HOOK
 iptables -t raw -A OUTPUT -j NOTRACK
 if [ -d /proc/sys/net/ipv6 ] ; then
 # set up notrack chains/rules for IPv6
- ip6tables -t raw -A PREROUTING -j NOTRACK
- ip6tables -t raw -A OUTPUT -j NOTRACK
+ ip6tables -t raw -N VYATTA_PRE_CT_PREROUTING_HOOK
+ ip6tables -t raw -A VYATTA_PRE_CT_PREROUTING_HOOK -j RETURN
+ ip6tables -t raw -A PREROUTING -j VYATTA_PRE_CT_PREROUTING_HOOK
+ ip6tables -t raw -A PREROUTING -j NOTRACK
+ ip6tables -t raw -N VYATTA_PRE_CT_OUTPUT_HOOK
+ ip6tables -t raw -A VYATTA_PRE_CT_OUTPUT_HOOK -j RETURN
+ ip6tables -t raw -A OUTPUT -j VYATTA_PRE_CT_OUTPUT_HOOK
+ ip6tables -t raw -A OUTPUT -j NOTRACK
 # set up post-firewall hook for IPv6
 ip6tables -N VYATTA_POST_FW_HOOK |
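Review bot: The four new `VYATTA_PRE_CT_*_HOOK` chains are each created with a trailing `-j RETURN`, so any rule later appended with `-A` lands after that RETURN and never matches. The policy would silently not apply and the packet would fall through to NOTRACK. The existing comment still says only "by default, nothing is tracked"; I would add above the IPv4 and IPv6 groups something like `# hook chains run before NOTRACK; add rules with -I so they precede the trailing RETURN`. The exit status of the `-N` calls is not checked. If start() can run again without the chains being flushed and deleted (`-F`/`-X`) first, `-N` will fail and the jump and NOTRACK rules will be appended a second time. The stop path is outside this hunk, so please confirm it tears these chains down. start() begins and ends outside the hunk.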