From d455578342ce1b54eeac30c6adf9f8531406e5d3 Mon Sep 17 00:00:00 2001
From: Michael Tremer
Date: Mon, 7 Oct 2024 09:13:12 +0000
Subject: [PATCH] firewall: Flush SYN_FLOOD_PROTECTION
This chain was not flushed when the firewall was being reloaded which made any ports appear as open when rules have been disabled or deleted. This has no security implications, but nevertheless isn't right.
Reported-by: Adolf Belka
Signed-off-by: Michael Tremer
---
 config/firewall/rules.pl | 1 +
 1 file changed, 1 insertion(+)
diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl
index e38f772428..c414f172ce 100644
--- a/config/firewall/rules.pl
+++ b/config/firewall/rules.pl
@@ -221,6 +221,7 @@ sub flush {
 run("$IPTABLES -t nat -F $CHAIN_NAT_SOURCE");
 run("$IPTABLES -t nat -F $CHAIN_NAT_DESTINATION");
 run("$IPTABLES -t mangle -F $CHAIN_MANGLE_NAT_DESTINATION_FIX");
+ run("$IPTABLES -t raw -F SYN_FLOOD_PROTECT");
 }
 
 sub buildrules {
-- 
2.39.5
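Review bot: The added flush hard-codes the chain name `SYN_FLOOD_PROTECT`, while the three context lines above it use `$CHAIN_*` variables and the commit subject spells the chain `SYN_FLOOD_PROTECTION`. It is worth confirming that the literal matches the chain the rule builder appends to in the raw table, and then moving it into a named constant beside the other `$CHAIN_*` definitions (not visible in this hunk) so the flush and the appends cannot drift apart. If the names ever differed, the flush would presumably fail and stale raw-table entries would remain after a reload, which is the behaviour this commit sets out to fix; how `run` reports a failed command is not visible here. A short comment above the new line would also help, for example `# Flush per-rule SYN flood protection entries so disabled or deleted rules do not linger in the raw table`. The body of `flush` starts outside the hunk.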