]> git.ipfire.org Git - ipfire-2.x.git/commitdiff
projects / ipfire-2.x.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: a235f22)
firewall: Accept related ICMP packets again
authorMichael Tremer <michael.tremer@ipfire.org>
Mon, 11 May 2015 11:00:34 +0000 (13:00 +0200)
committerMichael Tremer <michael.tremer@ipfire.org>
Mon, 11 May 2015 11:00:34 +0000 (13:00 +0200)
This rule is required to forward ICMP error messages for
aborted TCP connections and the like.

src/initscripts/init.d/firewall patch | blob | blame | history

diff --git a/src/initscripts/init.d/firewall b/src/initscripts/init.d/firewall
index c21cba73cc4e31a58c35f629ce08cfe7d6144be3..7614b51bb27b2fc9f56f3ba1872905a2bce6cecd 100644 (file)
--- a/src/initscripts/init.d/firewall
+++ b/src/initscripts/init.d/firewall
@@ -90,6 +90,7 @@ iptables_init() {
        iptables -N CONNTRACK
        iptables -A CONNTRACK -m conntrack --ctstate ESTABLISHED -j ACCEPT
        iptables -A CONNTRACK -m conntrack --ctstate INVALID -j DROP
+       iptables -A CONNTRACK -p icmp -m conntrack --ctstate RELATED -j ACCEPT
        iptables -t raw -N CONNTRACK
        iptables -t raw -A PREROUTING -j CONNTRACK
 
IPFire 2.x development tree