projects / openwrt / openwrt.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: ea23ba9) | patch
netfilter: add iptables-mod-rpfilter package
authorAlin Nastac <alin.nastac@gmail.com>
Fri, 16 Jun 2017 12:16:07 +0000 (14:16 +0200)
committerJo-Philipp Wich <jo@mein.io>
Wed, 13 Dec 2017 15:23:38 +0000 (16:23 +0100)
commitc86490605c5511e88093d3584dc9a277afcb9d6d
treec5f2c75f096cb0de17954906739fd9ee1f8bd8eftree | snapshot
parentea23ba9a250714302e9fc21bfc52293b3cddfdddcommit | diff
netfilter: add iptables-mod-rpfilter package

Unlike /proc/sys/net/ipv4/conf/INTF/rp_filter flag, rule iptables -t raw
-I PREROUTING -m rpfilter --invert -j DROP prevents conntrack table to
become full when a packet flood with randomly selected source IP addresses
is received from the lan side.

Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
(cherry picked from commit d8748e537f11ab5f2b5e2ed25d94baa5ce353984)
include/netfilter.mk diff | blob | history
package/kernel/linux/modules/netfilter.mk diff | blob | history
package/network/utils/iptables/Makefile diff | blob | history
OpenWrt Source Repository