projects / project / firewall3.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d596f72) | patch
zones: drop outgoing invalid traffic in masqueraded zones
authorJo-Philipp Wich <jo@mein.io>
Sun, 9 Apr 2017 12:35:32 +0000 (14:35 +0200)
committerJo-Philipp Wich <jo@mein.io>
Thu, 27 Apr 2017 15:10:50 +0000 (17:10 +0200)
commite751cde8954a09ea32f67a8bf7974b4dc1395f2e
tree73a4bbbb0097d15a8b47e499122e071f09840003tree | snapshot
parentd596f728e98bf4124de4018e28ecdc8ab070f34ccommit | diff
zones: drop outgoing invalid traffic in masqueraded zones

Install conntrack state invalid drop rules to catch outgoing, un-natted
traffic in zones with enabled masquerading.

Also introduce a new option "masq_allow_invalid" it inhibit this new
drop rules.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
options.h diff | blob | history
zones.c diff | blob | history
OpenWrt firewall configuration utility