summaryrefslogtreecommitdiff
path: root/scripts/firewall/firewall.init.in
diff options
context:
space:
mode:
Diffstat (limited to 'scripts/firewall/firewall.init.in')
-rw-r--r--scripts/firewall/firewall.init.in8
1 files changed, 4 insertions, 4 deletions
diff --git a/scripts/firewall/firewall.init.in b/scripts/firewall/firewall.init.in
index 8e92225..49991d8 100644
--- a/scripts/firewall/firewall.init.in
+++ b/scripts/firewall/firewall.init.in
@@ -50,8 +50,8 @@ start () {
done
# conection tracking timeout chain
- iptables -t raw -N CT_TIMEOUT
- iptables -t raw -A CT_TIMEOUT -j RETURN
+ iptables -t raw -N VYATTA_CT_TIMEOUT
+ iptables -t raw -A VYATTA_CT_TIMEOUT -j RETURN
# setup vrrp backup transition chain
# we need to filter traffic to the vrrp mac addresses
@@ -145,8 +145,8 @@ start () {
iptables -t nat -A VYATTA_PRE_SNAT_HOOK -j RETURN
iptables -t nat -A POSTROUTING -j VYATTA_PRE_SNAT_HOOK
- iptables -t raw -I PREROUTING -j CT_TIMEOUT
- iptables -t raw -I OUTPUT -j CT_TIMEOUT
+ iptables -t raw -I PREROUTING -j VYATTA_CT_TIMEOUT
+ iptables -t raw -I OUTPUT -j VYATTA_CT_TIMEOUT
# Loosen the acceptability rules for TCP sequence and ACK numbers in
# conntrack. This allows TCP connections through NAT to survive certain
# cases of packet loss where conntrack can not accurately track the