From: Michael Tremer
Date: Wed, 24 Jun 2015 16:40:27 +0000 (+0200)
Subject: firewall: Only propagate ASSURED and DESTROY CT events to user-space
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=79c141ff43e11045e11288a018a580609e189aa9;p=people%2Fms%2Fipfire-2.x.git

firewall: Only propagate ASSURED and DESTROY CT events to user-space

Signed-off-by: Michael Tremer
---

diff --git a/src/initscripts/init.d/firewall b/src/initscripts/init.d/firewall
index 8ca02bc9d1..28443599a5 100644
--- a/src/initscripts/init.d/firewall
+++ b/src/initscripts/init.d/firewall
@@ -21,9 +21,11 @@ iptables_init() {
 iptables -F
 iptables -t nat -F
 iptables -t mangle -F
+ iptables -t raw -F
 iptables -X
 iptables -t nat -X
 iptables -t mangle -X
+ iptables -t raw -X
 
 # Set up policies
 iptables -P INPUT DROP
@@ -295,6 +297,9 @@ iptables_init() {
 if [ ! -e "/var/ipfire/red/active" ]; then
 iptables_red_down
 fi
+
+ # Only propagate assured and destroy CT events to user-space
+ iptables -t raw -A PREROUTING -j CT --ctevents assured,destroy
 }
 
 iptables_red_up() {
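Review bot: The new CT rule in the second hunk is only installed in the raw PREROUTING chain, so conntrack entries created by locally originated traffic (which traverses raw OUTPUT, not PREROUTING) keep the default event mask and still emit every NEW/UPDATE event to user-space; if the intent is to apply the mask to all flows, add the matching rule `iptables -t raw -A OUTPUT -j CT --ctevents assured,destroy`. Whatever the final scope, the comment should name the consumer this is tuned for and state the trade-off, since any tool subscribed to conntrack events for connection logging or state synchronisation will no longer observe NEW events for the affected flows, e.g. `# Reduces CT event volume for user-space listeners; NEW/UPDATE events for forwarded flows are suppressed`. The enclosing iptables_init() begins outside this hunk, so I cannot see whether an earlier NOTRACK or CT rule in raw PREROUTING would shadow this one.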