brielle/Firewall-SOSDG
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

More small fixes

Browse Source
This commit is contained in:
bbruns 2010-08-21 17:50:39 +00:00
parent a65ee701a8
commit 3150b0f03f
1 changed files with 11 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
rc.firewall
View File

@ -325,15 +325,17 @@ if [ $NAT ]; then
fi fi
#================= #=================
# This section is going away in 1.0 # This section is going away in 1.0
for i in $NATRANGE; do if [ "$NATRANGE" ]; then
$IPTABLES -A POSTROUTING -t nat -s $i -o $NATEXTIF -j SNAT --to-source $NATEXTIP for i in $NATRANGE; do
done $IPTABLES -A POSTROUTING -t nat -s $i -o $NATEXTIF -j SNAT --to-source $NATEXTIP
#This is necessary to make sure that PMTU works done
$IPTABLES -A OUTPUT -p icmp --icmp-type time-exceeded -o $NATEXTIF \ #This is necessary to make sure that PMTU works
-j ACCEPT $IPTABLES -A OUTPUT -p icmp --icmp-type time-exceeded -o $NATEXTIF \
$IPTABLES -A OUTPUT -p icmp --icmp-type fragmentation-needed \ -j ACCEPT
-o $NATEXTIF -j ACCEPT $IPTABLES -A OUTPUT -p icmp --icmp-type fragmentation-needed \
-o $NATEXTIF -j ACCEPT
#================= #=================
fi
fi fi
$IPTABLES --policy INPUT ACCEPT $IPTABLES --policy INPUT ACCEPT