git.ipfire.org Git - ipfire-2.x.git/commitdiff
firewall: Don't filter output INVALID packets
author Michael Tremer <michael.tremer@ipfire.org>
Thu, 18 Apr 2024 21:11:40 +0000 (21:11 +0000)
committer Michael Tremer <michael.tremer@ipfire.org>
Tue, 2 Jul 2024 09:30:28 +0000 (09:30 +0000)
This should never cause any problems, but will cause that certain more
complicated features like SYNPROXY won't work.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
src/initscripts/system/firewall

index d14466ef04eb60c3346268eed8349e097951b843..054d58c01db150810b74c5f8a53db0a2d4338ec4 100644 (file)
@@ -156,7 +156,6 @@ iptables_init() {
 
        iptables -N CTOUTPUT
        iptables -A CTOUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-       iptables -A CTOUTPUT -m conntrack --ctstate INVALID -j CTINVALID
        iptables -A CTOUTPUT -p icmp -m conntrack --ctstate RELATED -j ACCEPT
 
        # Restore any connection marks
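
Review bot: The removed `--ctstate INVALID -j CTINVALID` rule in `iptables_init()` leaves nothing in the script that says CTOUTPUT skips INVALID handling on purpose. Put a short comment in its place, for example `# INVALID is deliberately not filtered on output; filtering breaks features like SYNPROXY`, so the rule is not re-added in a later cleanup. With the rule gone, locally generated packets in the INVALID state no longer reach CTINVALID and fall through to the remaining CTOUTPUT rules, so please confirm that whatever CTINVALID did for the output path is either no longer needed or handled elsewhere. The commit message would also be clearer if it said explicitly that it is the old filtering, not this change, that stops SYNPROXY from working.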