From: Michael Tremer Date: Mon, 7 Oct 2024 09:13:12 +0000 (+0000) Subject: firewall: Flush SYN_FLOOD_PROTECTION X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d455578342ce1b54eeac30c6adf9f8531406e5d3;p=people%2Fms%2Fipfire-2.x.git firewall: Flush SYN_FLOOD_PROTECTION This chain was not flushed when the firewall was being reloaded which made any ports appear as open when rules have been disabled or deleted. This has no security implications, but nevertheless isn't right. Reported-by: Adolf Belka Signed-off-by: Michael Tremer
---
diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl
index e38f77242..c414f172c 100644
--- a/config/firewall/rules.pl
+++ b/config/firewall/rules.pl
@@ -221,6 +221,7 @@ sub flush {
 run("$IPTABLES -t nat -F $CHAIN_NAT_SOURCE");
 run("$IPTABLES -t nat -F $CHAIN_NAT_DESTINATION");
 run("$IPTABLES -t mangle -F $CHAIN_MANGLE_NAT_DESTINATION_FIX");
+ run("$IPTABLES -t raw -F SYN_FLOOD_PROTECT");
 }

 sub buildrules {
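Review bot: The added `run("$IPTABLES -t raw -F SYN_FLOOD_PROTECT");` hard-codes the chain name as a string literal, while the three flushes above it in this hunk go through `$CHAIN_*` variables, and the literal differs from the `SYN_FLOOD_PROTECTION` spelling in the commit subject. It is worth confirming that the literal matches the chain the rule builder actually fills, because a mismatch would leave the stale raw-table entries in place; a shared `$CHAIN_...` variable (name left to the maintainers) declared next to the existing ones would keep the two from drifting. Whether a failing flush is reported cannot be seen here, since `run` is defined outside the hunk and `flush` starts above it. I would also add a comment on the new line recording the reason, for example `# Also flush the raw SYN flood chain; stale entries made ports of disabled or deleted rules appear open`.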