iifname "lo" accept comment "!fw4: Accept traffic from loopback"
- ct state established,related accept comment "!fw4: Allow inbound established and related flows"
+ ct state vmap { established : accept, related : accept } comment "!fw4: Handle inbound flows"
tcp flags & (fin | syn | rst | ack) == syn jump syn_flood comment "!fw4: Rate limit TCP syn packets"
iifname "br-lan" jump input_lan comment "!fw4: Handle lan IPv4/IPv6 input traffic"
iifname "pppoe-wan" jump input_wan comment "!fw4: Handle wan IPv4/IPv6 input traffic"
type filter hook forward priority filter; policy drop;
meta l4proto { tcp, udp } flow offload @ft;
- ct state established,related accept comment "!fw4: Allow forwarded established and related flows"
+ ct state vmap { established : accept, related : accept } comment "!fw4: Handle forwarded flows"
iifname "br-lan" jump forward_lan comment "!fw4: Handle lan IPv4/IPv6 forward traffic"
iifname "pppoe-wan" jump forward_wan comment "!fw4: Handle wan IPv4/IPv6 forward traffic"
jump handle_reject
oifname "lo" accept comment "!fw4: Accept traffic towards loopback"
- ct state established,related accept comment "!fw4: Allow outbound established and related flows"
+ ct state vmap { established : accept, related : accept } comment "!fw4: Handle outbound flows"
meta l4proto tcp counter comment "!fw4: Test-Deprecated-Rule-Option"
oifname "br-lan" jump output_lan comment "!fw4: Handle lan IPv4/IPv6 output traffic"
oifname "pppoe-wan" jump output_wan comment "!fw4: Handle wan IPv4/IPv6 output traffic"
projects / project / firewall4.git / blobdiff