diff options
| author | Stig Thormodsrud <stig@vyatta.com> | 2010-08-31 16:08:14 -0700 |
|---|---|---|
| committer | Stig Thormodsrud <stig@vyatta.com> | 2010-08-31 16:08:14 -0700 |
| commit | 34b4264ecf4d314283faff10e11073e95cb7ab2a (patch) | |
| tree | 5e42b83b44d668d70191af4e3a1345008116e5d1 /scripts/firewall/firewall.init.in | |
| parent | b191af13e6a81d0ca532002ddcdff0853c2f6615 (diff) | |
| download | vyatta-cfg-firewall-34b4264ecf4d314283faff10e11073e95cb7ab2a.tar.gz vyatta-cfg-firewall-34b4264ecf4d314283faff10e11073e95cb7ab2a.zip | |
Fix 6125: iptables errors on boot up of mendocino
Shorten chain from VYATTA_PRE_CT_PREROUTING_HOOK to
VYATTA_CT_PREROUTING_HOOK
Diffstat (limited to 'scripts/firewall/firewall.init.in')
| -rw-r--r-- | scripts/firewall/firewall.init.in | 24 |
1 files changed, 12 insertions, 12 deletions
diff --git a/scripts/firewall/firewall.init.in b/scripts/firewall/firewall.init.in index 040078b..5228c66 100644 --- a/scripts/firewall/firewall.init.in +++ b/scripts/firewall/firewall.init.in @@ -51,24 +51,24 @@ start () { # set up notrack chains/rules for IPv4 # by default, nothing is tracked. - iptables -t raw -N VYATTA_PRE_CT_PREROUTING_HOOK - iptables -t raw -A VYATTA_PRE_CT_PREROUTING_HOOK -j RETURN - iptables -t raw -A PREROUTING -j VYATTA_PRE_CT_PREROUTING_HOOK + iptables -t raw -N VYATTA_CT_PREROUTING_HOOK + iptables -t raw -A VYATTA_CT_PREROUTING_HOOK -j RETURN + iptables -t raw -A PREROUTING -j VYATTA_CT_PREROUTING_HOOK iptables -t raw -A PREROUTING -j NOTRACK - iptables -t raw -N VYATTA_PRE_CT_OUTPUT_HOOK - iptables -t raw -A VYATTA_PRE_CT_OUTPUT_HOOK -j RETURN - iptables -t raw -A OUTPUT -j VYATTA_PRE_CT_OUTPUT_HOOK + iptables -t raw -N VYATTA_CT_OUTPUT_HOOK + iptables -t raw -A VYATTA_CT_OUTPUT_HOOK -j RETURN + iptables -t raw -A OUTPUT -j VYATTA_CT_OUTPUT_HOOK iptables -t raw -A OUTPUT -j NOTRACK if [ -d /proc/sys/net/ipv6 ] ; then # set up notrack chains/rules for IPv6 - ip6tables -t raw -N VYATTA_PRE_CT_PREROUTING_HOOK - ip6tables -t raw -A VYATTA_PRE_CT_PREROUTING_HOOK -j RETURN - ip6tables -t raw -A PREROUTING -j VYATTA_PRE_CT_PREROUTING_HOOK + ip6tables -t raw -N VYATTA_CT_PREROUTING_HOOK + ip6tables -t raw -A VYATTA_CT_PREROUTING_HOOK -j RETURN + ip6tables -t raw -A PREROUTING -j VYATTA_CT_PREROUTING_HOOK ip6tables -t raw -A PREROUTING -j NOTRACK - ip6tables -t raw -N VYATTA_PRE_CT_OUTPUT_HOOK - ip6tables -t raw -A VYATTA_PRE_CT_OUTPUT_HOOK -j RETURN - ip6tables -t raw -A OUTPUT -j VYATTA_PRE_CT_OUTPUT_HOOK + ip6tables -t raw -N VYATTA_CT_OUTPUT_HOOK + ip6tables -t raw -A VYATTA_CT_OUTPUT_HOOK -j RETURN + ip6tables -t raw -A OUTPUT -j VYATTA_CT_OUTPUT_HOOK ip6tables -t raw -A OUTPUT -j NOTRACK # set up post-firewall hook for IPv6 |