Update of /cvsroot/routingtools/tools/rc.d
In directory sc8-pr-cvs1:/tmp/cvs-serv25867/rc.d
Modified Files:
firewall
Log Message:
- block unclean packets first, so they are never forwarded to a
NAT client, even if they belong to a known established connection
Index: firewall
===================================================================
RCS file: /cvsroot/routingtools/tools/rc.d/firewall,v
retrieving revision 1.26
retrieving revision 1.27
diff -C2 -d -r1.26 -r1.27
*** firewall 12 Nov 2003 23:18:35 -0000 1.26
--- firewall 15 Nov 2003 13:20:54 -0000 1.27
***************
*** 181,184 ****
--- 181,186 ----
$IPTABLES -N Block
+ $IPTABLES -A Block -m unclean -j LogDrop
+
if [ "$FW_IPSEC" = "yes" ]; then
$IPTABLES -A Block -p esp -j ACCEPT
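Review bot: The new `-m unclean` rule at the top of Block now runs before the ESP accept just below it and before the ESTABLISHED,RELATED accept further down, so a false positive from that match drops packets of live connections and IPsec traffic rather than only new ones. The iptables documentation describes `unclean` as experimental, so the trade-off deserves a comment above the rule, for example `# unclean is experimental: a false match here also drops established and IPsec traffic`. If the match module is unavailable the `-A` fails and the chain is built without the rule, and nothing visible in the hunk checks for that; consider `$IPTABLES -A Block -m unclean -j LogDrop || echo "firewall: unclean match unavailable" >&2`. The `if [ "$FW_IPSEC" = "yes" ]` block continues outside the hunk.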
***************
*** 188,192 ****
$IPTABLES -A Block -m state --state NEW -p tcp ! --syn -j LogUnknown
$IPTABLES -A Block -m state --state ESTABLISHED,RELATED -j ACCEPT
- $IPTABLES -A Block -m unclean -j LogDrop
for host in $FW_HOSTILE; do
--- 190,193 ----
***************
*** 344,347 ****
--- 345,352 ----
#
# $Log$
+ # Revision 1.27 2003/11/15 13:20:54 hurikhan
+ # - block unclean packets in first place so they never get forwarded to
+ # NAT client, even if they belong to a known established connection
+ #
# Revision 1.26 2003/11/12 23:18:35 hurikhan
# - tuned reject icmp messages