From: <hur...@us...> - 2003-11-15 13:21:00
Update of /cvsroot/routingtools/tools/rc.d In directory sc8-pr-cvs1:/tmp/cvs-serv25867/rc.d Modified Files: firewall Log Message: - block unclean packets in first place so they never get forwarded to NAT client, even if they belong to a known established connection Index: firewall =================================================================== RCS file: /cvsroot/routingtools/tools/rc.d/firewall,v retrieving revision 1.26 retrieving revision 1.27 diff -C2 -d -r1.26 -r1.27 *** firewall 12 Nov 2003 23:18:35 -0000 1.26 --- firewall 15 Nov 2003 13:20:54 -0000 1.27 *************** *** 181,184 **** --- 181,186 ---- $IPTABLES -N Block + $IPTABLES -A Block -m unclean -j LogDrop + if [ "$FW_IPSEC" = "yes" ]; then $IPTABLES -A Block -p esp -j ACCEPT *************** *** 188,192 **** $IPTABLES -A Block -m state --state NEW -p tcp ! --syn -j LogUnknown $IPTABLES -A Block -m state --state ESTABLISHED,RELATED -j ACCEPT - $IPTABLES -A Block -m unclean -j LogDrop for host in $FW_HOSTILE; do --- 190,193 ---- *************** *** 344,347 **** --- 345,352 ---- # # $Log$ + # Revision 1.27 2003/11/15 13:20:54 hurikhan + # - block unclean packets in first place so they never get forwarded to + # NAT client, even if they belong to a known established connection + # # Revision 1.26 2003/11/12 23:18:35 hurikhan # - tuned reject icmp messages |
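Review bot: in the hunk at line 181, the new `$IPTABLES -A Block -m unclean -j LogDrop` rule is appended directly after `$IPTABLES -N Block`, ahead of the `FW_IPSEC` branch, so ESP traffic is now judged by the unclean match before `-p esp -j ACCEPT` can accept it. If that ordering is intended, say so in a comment directly above the rule: the reason for putting it first is recorded only in the log message, and a later edit could move it back below an ACCEPT without noticing. Because every packet entering Block now passes this rule, including packets of established connections, please also confirm that LogDrop (its definition is not part of this hunk) limits how much it logs.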
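Review bot: in the hunk at line 188, dropping the old `-m unclean` rule from below `--state ESTABLISHED,RELATED -j ACCEPT` also changes what the `--state NEW -p tcp ! --syn -j LogUnknown` rule in the same hunk gets to see. Packets that match unclean now hit LogDrop first, so, assuming LogDrop is terminating, they no longer appear under LogUnknown. A one-line comment next to the LogUnknown rule, or a sentence in the log message, would tell anyone reading the firewall logs why those entries move from one log target to the other after revision 1.27.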