projects / project / firewall4.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: de3483c) | patch
ruleset: do not emit redundant drop invalid rules
authorAndris PE <neandris@gmail.com>
Sat, 14 Oct 2023 09:51:00 +0000 (12:51 +0300)
committerJo-Philipp Wich <jo@mein.io>
Fri, 3 Nov 2023 13:24:47 +0000 (14:24 +0100)
commit7392792e768b4d5c373f66ec400fd4100df1b4e0
treec7212b710a7ad17ba19b923d9086229b740830cftree | snapshot
parentde3483c561a728d5234a0a3f49b5dde4527a0f3fcommit | diff
ruleset: do not emit redundant drop invalid rules

The wan interface drop rule unnecessarily persists when invalid state
is dropped globally and the rule cannot catch anything at all, so remove
it as the effect is achieved by default and to global extent.

Fixes: 119ee1a ("ruleset: drop ctstate invalid traffic for masq-enabled zones")
Signed-off-by: Andris PE <neandris@gmail.com>
[fix S-o-b tag, fix commit author, reword commit subject and message]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
root/usr/share/firewall4/templates/ruleset.uc diff | blob | history
OpenWrt nftables firewall