summaryrefslogtreecommitdiff
path: root/package/iptables/files
diff options
context:
space:
mode:
authornbd <nbd@3c298f89-4303-0410-b956-a3cf2f4a3e73>2007-02-08 01:25:18 +0000
committernbd <nbd@3c298f89-4303-0410-b956-a3cf2f4a3e73>2007-02-08 01:25:18 +0000
commitb89ba4c713c6c315103c84fea2bed1d451820c58 (patch)
treed46b6bfdff0a783da768660baef6ad0bdb90373e /package/iptables/files
parent7af01d4894b972bc4b40b85b87f0059e1d9ab1d7 (diff)
port [6229] to kamikaze
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@6275 3c298f89-4303-0410-b956-a3cf2f4a3e73
Diffstat (limited to 'package/iptables/files')
-rwxr-xr-xpackage/iptables/files/firewall.init9
1 files changed, 7 insertions, 2 deletions
diff --git a/package/iptables/files/firewall.init b/package/iptables/files/firewall.init
index a4014f3ee7..290bae1eac 100755
--- a/package/iptables/files/firewall.init
+++ b/package/iptables/files/firewall.init
@@ -22,7 +22,8 @@ start() {
iptables -N output_rule
iptables -N forwarding_rule
iptables -N forwarding_wan
-
+
+ iptables -t nat -N NEW
iptables -t nat -N prerouting_rule
iptables -t nat -N prerouting_wan
iptables -t nat -N postrouting_rule
@@ -99,11 +100,15 @@ start() {
# uses the default -P DROP
### MASQ
+ iptables -t nat -A PREROUTING -m state --state NEW -j NEW
iptables -t nat -A PREROUTING -j prerouting_rule
[ -z "$WAN" ] || iptables -t nat -A PREROUTING -i "$WAN" -j prerouting_wan
iptables -t nat -A POSTROUTING -j postrouting_rule
[ -z "$WAN" ] || iptables -t nat -A POSTROUTING -o $WAN -j MASQUERADE
-
+
+ iptables -t nat -A NEW -m limit --limit 50 --limit-burst 100 -j RETURN && \
+ iptables -t nat -A NEW -j DROP
+
## USER RULES
[ -f /etc/firewall.user ] && . /etc/firewall.user
[ -n "$WAN" -a -e /etc/config/firewall ] && {