firewall: fix forwarding local subnet traffic
Packets which are merely forwarded by the router and which are neither involved in any DNAT/SNAT nor originate locally, are considered INVALID from a conntrack point of view, causing them to get dropped in the zone_*_dest_ACCEPT chains, since those only allow stream with state NEW or UNTRACKED. Remove the ctstate restriction on dest accept chains to properly pass- through unrelated 3rd party traffic. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This commit is contained in:
parent
9641ceea0c
commit
920170a27f
1 changed files with 3 additions and 3 deletions
|
@ -13,9 +13,9 @@ PKG_RELEASE:=1
|
|||
|
||||
PKG_SOURCE_PROTO:=git
|
||||
PKG_SOURCE_URL=$(LEDE_GIT)/project/firewall3.git
|
||||
PKG_SOURCE_DATE:=2016-11-29
|
||||
PKG_SOURCE_VERSION:=13698aafb52c45817ee7815da3405e620657c8d0
|
||||
PKG_MIRROR_HASH:=6ba6e96a588dd3afd7e9db7e9246c5cc6c560aa95385592960c6b71b5a9c6395
|
||||
PKG_SOURCE_DATE:=2017-01-13
|
||||
PKG_SOURCE_VERSION:=37cb4cb437fd685f31926a4c326ba8afe329e4a6
|
||||
PKG_MIRROR_HASH:=7ee075f05977e5d9a78e661b537e6eb077c8f328ff2e71d1e2fbef44cca97355
|
||||
PKG_MAINTAINER:=Jo-Philipp Wich <jo@mein.io>
|
||||
PKG_LICENSE:=ISC
|
||||
|
||||
|
|
Loading…
Reference in a new issue