]> git.ipfire.org Git - people/pmueller/ipfire-2.x.git/blobdiff - src/initscripts/system/firewall
projects / people / pmueller / ipfire-2.x.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
firewall: Always restore all connection marks
[people/pmueller/ipfire-2.x.git] / src / initscripts / system / firewall
diff --git a/src/initscripts/system/firewall b/src/initscripts/system/firewall
index 9d023a349b98b3752608e41fcc71eeeb846fe43b..7a7d52d577b9f55ae2a6e004083d2794b3a05cb0 100644 (file)
--- a/src/initscripts/system/firewall
+++ b/src/initscripts/system/firewall
@@ -100,6 +100,9 @@ iptables_init() {
        iptables -t raw -N CONNTRACK
        iptables -t raw -A PREROUTING -j CONNTRACK
 
+       # Restore any connection marks
+       iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
+
        # Fix for braindead ISPs
        iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
 
Peter's tree of IPFire 2.x