diff options
author | Gaurav Sinha <gaurav.sinha@vyatta.com> | 2012-04-16 11:11:39 -0700 |
---|---|---|
committer | Gaurav Sinha <gaurav.sinha@vyatta.com> | 2012-04-16 11:11:39 -0700 |
commit | 2d2fe52ad1510a235314cfd1e16b6e8c36ebe22a (patch) | |
tree | 648561442d6ada3f8196d9e266a359e2580e82d7 /scripts/firewall | |
parent | b066f2e2e8c9e268b147da8749592e2a4b3fe5e1 (diff) | |
download | vyatta-cfg-firewall-2d2fe52ad1510a235314cfd1e16b6e8c36ebe22a.tar.gz vyatta-cfg-firewall-2d2fe52ad1510a235314cfd1e16b6e8c36ebe22a.zip |
fixing 7998
Diffstat (limited to 'scripts/firewall')
-rw-r--r-- | scripts/firewall/firewall.init.in | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/scripts/firewall/firewall.init.in b/scripts/firewall/firewall.init.in index 8e92225..49991d8 100644 --- a/scripts/firewall/firewall.init.in +++ b/scripts/firewall/firewall.init.in @@ -50,8 +50,8 @@ start () { done # conection tracking timeout chain - iptables -t raw -N CT_TIMEOUT - iptables -t raw -A CT_TIMEOUT -j RETURN + iptables -t raw -N VYATTA_CT_TIMEOUT + iptables -t raw -A VYATTA_CT_TIMEOUT -j RETURN # setup vrrp backup transition chain # we need to filter traffic to the vrrp mac addresses @@ -145,8 +145,8 @@ start () { iptables -t nat -A VYATTA_PRE_SNAT_HOOK -j RETURN iptables -t nat -A POSTROUTING -j VYATTA_PRE_SNAT_HOOK - iptables -t raw -I PREROUTING -j CT_TIMEOUT - iptables -t raw -I OUTPUT -j CT_TIMEOUT + iptables -t raw -I PREROUTING -j VYATTA_CT_TIMEOUT + iptables -t raw -I OUTPUT -j VYATTA_CT_TIMEOUT # Loosen the acceptability rules for TCP sequence and ACK numbers in # conntrack. This allows TCP connections through NAT to survive certain # cases of packet loss where conntrack can not accurately track the |