Fix another messup in NAT code

master
bbruns 2010-07-15 04:03:28 +00:00
parent 15b798c163
commit 9a9ff7c3cd
1 changed files with 3 additions and 1 deletions

View File

@ -89,9 +89,11 @@ if [ $CONNTRACK ]; then
$IPTABLES -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT $IPTABLES -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
$IPTABLES -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT $IPTABLES -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
$IPTABLES -A FORWARD -m state --state NEW -j ACCEPT $IPTABLES -A FORWARD -m state --state NEW -j ACCEPT
$IPTABLES -A INPUT -m state --state INVALID -j DROP
$IPTABLES -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT $IPTABLES -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
$IPTABLES -A OUTPUT -m state --state NEW -j ACCEPT $IPTABLES -A OUTPUT -m state --state NEW -j ACCEPT
$IPTABLES -A INPUT -m state --state INVALID -j DROP
$IPTABLES -A OUTPUT -m state --state INVALID -j DROP
$IPTABLES -A FORWARD -m state --state INVALID -j DROP
fi fi
if [ "$BLOCKTCPPORTS" ] || [ "$BLOCKUDPPORTS" ]; then if [ "$BLOCKTCPPORTS" ] || [ "$BLOCKUDPPORTS" ]; then