From 5cee03da1e29e6cde5d4fe121b22b86768006775 Mon Sep 17 00:00:00 2001
From: Michael Tremer
Date: Mon, 7 Oct 2024 09:13:12 +0000
Subject: [PATCH] firewall: Flush SYN_FLOOD_PROTECTION

This chain was not flushed when the firewall was being reloaded which made any ports appear as open when rules have been disabled or deleted. This has no security implications, but nevertheless isn't right.

Reported-by: Adolf Belka
Signed-off-by: Michael Tremer
---
 config/firewall/rules.pl | 1 +
 1 file changed, 1 insertion(+)

diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl
index e38f772428..c414f172ce 100644
--- a/config/firewall/rules.pl
+++ b/config/firewall/rules.pl
@@ -221,6 +221,7 @@ sub flush {
 run("$IPTABLES -t nat -F $CHAIN_NAT_SOURCE");
 run("$IPTABLES -t nat -F $CHAIN_NAT_DESTINATION");
 run("$IPTABLES -t mangle -F $CHAIN_MANGLE_NAT_DESTINATION_FIX");
+ run("$IPTABLES -t raw -F SYN_FLOOD_PROTECT");
 }

 sub buildrules {
--
2.39.5
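Review bot: The added flush hard-codes the chain name `SYN_FLOOD_PROTECT`, while the three flushes above it use `$CHAIN_*` variables, and the subject line spells the chain `SYN_FLOOD_PROTECTION`. If the code that fills this raw-table chain carries its own literal, a later rename on one side would silently bring back stale rules after a reload. A shared variable would keep the two in step, for example `my $CHAIN_RAW_SYN_FLOOD_PROTECT = "SYN_FLOOD_PROTECT";` (name proposed here) next to the other chain definitions, with `run("$IPTABLES -t raw -F $CHAIN_RAW_SYN_FLOOD_PROTECT");` in `flush`. Whether `run` reports a failed flush is not visible in this hunk, and `flush` starts above it.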