Fix another messup in NAT code

2010-07-15 04:03:28 +00:00 · 2010-07-15 04:03:28 +00:00 · 9a9ff7c3cd
commit 9a9ff7c3cd
parent 15b798c163
1 changed files with 3 additions and 1 deletions
--- a/rc.firewall
+++ b/rc.firewall
@ -89,9 +89,11 @@ if [ $CONNTRACK ]; then
 	$IPTABLES -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
 	$IPTABLES -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
 	$IPTABLES -A FORWARD -m state --state NEW -j ACCEPT
-	$IPTABLES -A INPUT -m state --state INVALID -j DROP
 	$IPTABLES -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
 	$IPTABLES -A OUTPUT -m state --state NEW -j ACCEPT
+	$IPTABLES -A INPUT -m state --state INVALID -j DROP
+	$IPTABLES -A OUTPUT -m state --state INVALID -j DROP
+	$IPTABLES -A FORWARD -m state --state INVALID -j DROP
 fi

 if [ "$BLOCKTCPPORTS" ] || [ "$BLOCKUDPPORTS" ]; then