projects
/
project
/
firewall4.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
| inline |
side by side
ruleset: drop ctstate invalid traffic for masq-enabled zones
[project/firewall4.git]
/
tests
/
01_configuration
/
01_ruleset
diff --git
a/tests/01_configuration/01_ruleset
b/tests/01_configuration/01_ruleset
index e30ca76b3bb22666d173aedf6dc9b7e651331d90..c4fd5b48bdff32fe0bae205bdd5962619a26d590 100644
(file)
--- a/
tests/01_configuration/01_ruleset
+++ b/
tests/01_configuration/01_ruleset
@@
-213,6
+213,7
@@
table inet fw4 {
}
chain accept_to_wan {
+ meta nfproto ipv4 oifname "pppoe-wan" ct state invalid counter drop comment "!fw4: Prevent NAT leakage"
oifname "pppoe-wan" counter accept comment "!fw4: accept wan IPv4/IPv6 traffic"
}