git.ipfire.org Git - ipfire-2.x.git/commitdiff
firewall: Flush SYN_FLOOD_PROTECTION
author Michael Tremer <michael.tremer@ipfire.org>
Mon, 7 Oct 2024 09:13:12 +0000 (09:13 +0000)
committer Michael Tremer <michael.tremer@ipfire.org>
Tue, 8 Oct 2024 08:43:23 +0000 (08:43 +0000)
This chain was not flushed when the firewall was being reloaded which
made any ports appear as open when rules have been disabled or deleted.

This has no security implications, but nevertheless isn't right.

Reported-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
config/firewall/rules.pl

index e38f772428569c2207eb3fe4d547cf998a087cf5..c414f172ce8fdbe58f5b2aa7fd446e11024c1d43 100644 (file)
@@ -221,6 +221,7 @@ sub flush {
        run("$IPTABLES -t nat -F $CHAIN_NAT_SOURCE");
        run("$IPTABLES -t nat -F $CHAIN_NAT_DESTINATION");
        run("$IPTABLES -t mangle -F $CHAIN_MANGLE_NAT_DESTINATION_FIX");
+       run("$IPTABLES -t raw -F SYN_FLOOD_PROTECT");
 }
 
 sub buildrules {
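
Review bot: the added flush at the end of `flush` hard-codes the chain name `SYN_FLOOD_PROTECT`, while the three calls above it take their chain names from variables (`$CHAIN_NAT_SOURCE`, `$CHAIN_NAT_DESTINATION`, `$CHAIN_MANGLE_NAT_DESTINATION_FIX`). Defining the raw-table chain alongside those variables and using it here would keep the name in one place, so the flush and whatever fills the chain cannot drift apart. The commit subject also calls the chain `SYN_FLOOD_PROTECTION`, whereas the command flushes `SYN_FLOOD_PROTECT`; aligning the subject with the name used in the code would make the change easier to find by searching the log. Since the message says stale entries made ports appear open after rules were disabled or deleted, a short comment on the new line noting that the chain is rebuilt on every reload would help the next reader understand why it belongs in `flush`.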