Changeset 966
- Timestamp:
- 02/23/06 11:40:42 (3 years ago)
- Files:
-
- trunk/wifidog/src/fw_iptables.c (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
- Modified
- Copied
- Moved
trunk/wifidog/src/fw_iptables.c
r965 r966 276 276 277 277 /* TCPMSS rule for PPPoE */ 278 iptables_do_command("-t filter -A FORWARD -m state --state INVALID -j DROP");279 iptables_do_command("-t filter -A FORWARD-m state --state RELATED,ESTABLISHED -j ACCEPT");278 iptables_do_command("-t filter -A " TABLE_WIFIDOG_WIFI_TO_INTERNET " FORWARD -m state --state INVALID -j DROP"); 279 iptables_do_command("-t filter -A " TABLE_WIFIDOG_WIFI_TO_INTERNET " -m state --state RELATED,ESTABLISHED -j ACCEPT"); 280 280 if (ext_interface != NULL) { 281 iptables_do_command("-t filter -A FORWARD-i %s -m state --state NEW,INVALID -j DROP", gw_interface);282 iptables_do_command("-t filter -A FORWARD-o %s -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu", gw_interface);281 iptables_do_command("-t filter -A " TABLE_WIFIDOG_WIFI_TO_INTERNET " -i %s -m state --state NEW,INVALID -j DROP", gw_interface); 282 iptables_do_command("-t filter -A " TABLE_WIFIDOG_WIFI_TO_INTERNET " -o %s -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu", gw_interface); 283 283 } else { 284 284 /* Will this work even if we don't specify an external interface? */ 285 iptables_do_command("-t filter -A FORWARD-m state --state NEW,INVALID -j DROP");286 iptables_do_command("-t filter -A FORWARD-p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu");285 iptables_do_command("-t filter -A " TABLE_WIFIDOG_WIFI_TO_INTERNET " -m state --state NEW,INVALID -j DROP"); 286 iptables_do_command("-t filter -A " TABLE_WIFIDOG_WIFI_TO_INTERNET " -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu"); 287 287 } 288 288
