authorGaurav Sinha <gaurav.sinha@vyatta.com>2012-08-22 17:37:24 -0700
committerGaurav Sinha <gaurav.sinha@vyatta.com>2012-08-22 17:37:24 -0700
commitefdcd39a9b06ac5e45583a4e5eb00ae8ae480337 (patch)
treea757dd983f67f1208ed1565f6fe9c58f84b21d55 /scripts/firewall
parent7bd89f780b75b6e953be3924d392efdf172cae26 (diff)
downloadvyatta-cfg-firewall-efdcd39a9b06ac5e45583a4e5eb00ae8ae480337.tar.gz
vyatta-cfg-firewall-efdcd39a9b06ac5e45583a4e5eb00ae8ae480337.zip
move CT_IGNORE chain up, first in raw table
Diffstat (limited to 'scripts/firewall')
-rw-r--r--scripts/firewall/firewall.init.in3
1 files changed, 3 insertions, 0 deletions
diff --git a/scripts/firewall/firewall.init.in b/scripts/firewall/firewall.init.in
index 20ece8b..a7fb685 100644
--- a/scripts/firewall/firewall.init.in
+++ b/scripts/firewall/firewall.init.in
@@ -162,6 +162,9 @@ start () {
iptables -t raw -I PREROUTING -j VYATTA_CT_TIMEOUT
iptables -t raw -I OUTPUT -j VYATTA_CT_TIMEOUT
+
+ iptables -t raw -I PREROUTING -j VYATTA_CT_IGNORE
+ iptables -t raw -I OUTPUT -j VYATTA_CT_IGNORE
# Loosen the acceptability rules for TCP sequence and ACK numbers in
# conntrack. This allows TCP connections through NAT to survive certain
# cases of packet loss where conntrack can not accurately track the
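Review bot: The two added `-I` lines rely on insertion order alone to put VYATTA_CT_IGNORE ahead of VYATTA_CT_TIMEOUT in raw PREROUTING and OUTPUT, and nothing in the hunk records that, so a later edit that reorders these lines or adds another `-I` after them silently changes which chain is evaluated first. A comment above them would pin the intent, for example `# Inserted last so VYATTA_CT_IGNORE is rule 1 in raw PREROUTING/OUTPUT, ahead of VYATTA_CT_TIMEOUT`. The ordering deserves that note because, as the chain name suggests, traffic matched there presumably bypasses connection tracking and will then not be seen by state-based firewall or NAT rules. The creation of the chain (`iptables -t raw -N VYATTA_CT_IGNORE`) is not visible here and start() begins outside the hunk, so it is worth confirming that it runs before these inserts, since their exit status is not checked.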