projects
/
project
/
firewall4.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
| inline |
side by side
ruleset: drop ctstate invalid traffic for masq-enabled zones
[project/firewall4.git]
/
root
/
usr
/
share
/
firewall4
/
templates
/
ruleset.uc
diff --git
a/root/usr/share/firewall4/templates/ruleset.uc
b/root/usr/share/firewall4/templates/ruleset.uc
index d6333f18188dbb7224e21dd4199ad7442b78c9f2..d6eedfd55d599b7982cfab2bd1f93ddfc9dca50e 100644
(file)
--- a/
root/usr/share/firewall4/templates/ruleset.uc
+++ b/
root/usr/share/firewall4/templates/ruleset.uc
@@
-265,6
+265,9
@@
table inet fw4 {
{% if (zone.dflags[verdict]): %}
chain {{ verdict }}_to_{{ zone.name }} {
{% for (let rule in zone.match_rules): %}
+{% if (verdict == "accept" && (zone.masq || zone.masq6) && !zone.masq_allow_invalid): %}
+ {%+ include("zone-drop-invalid.uc", { fw4, zone, rule }) %}
+{% endif %}
{%+ include("zone-verdict.uc", { fw4, zone, rule, egress: true, verdict }) %}
{% endfor %}
}
projects / project / firewall4.git / blobdiff