author | Waldemar Brodkorb <wbx@openadk.org> | 2010-01-04 23:18:14 +0100 |
---|---|---|
committer | Waldemar Brodkorb <wbx@openadk.org> | 2010-01-04 23:18:14 +0100 |
commit | 3f23dcd7a5f06f8cdda0ee8b1492cfd0b6c1413f (patch) | |
tree | 4fdbb680f08b893084e78719a574d1a19b7b26de | |
parent | 6c7111529ca4f24aa848de5c60cecfb01e3717fc (diff) |
fix default firewall script and kernel mod dependencies
-rw-r--r-- | mk/modules.mk | 4 | ||||
-rw-r--r-- | package/iptables/Makefile | 2 | ||||
-rw-r--r-- | package/iptables/files/firewall.conf | 6 | ||||
-rw-r--r-- | target/linux/config/Config.in.netfilter | 5 |
4 files changed, 12 insertions, 5 deletions
diff --git a/mk/modules.mk b/mk/modules.mk index eaf14f6f6..948a68364 100644 --- a/mk/modules.mk +++ b/mk/modules.mk @@ -342,6 +342,10 @@ $(eval $(call KMOD_template,NETFILTER_XT_TARGET_NFQUEUE,netfilter-xt-target-nfqu $(MODULES_DIR)/kernel/net/netfilter/xt_NFQUEUE \ ,50)) +$(eval $(call KMOD_template,NETFILTER_XT_TARGET_TCPMSS,netfilter-xt-target-tcpmss,\ + $(MODULES_DIR)/kernel/net/netfilter/xt_TCPMSS \ +,50)) + $(eval $(call KMOD_template,NETFILTER_XT_TARGET_NOTRACK,netfilter-xt-target-notrack,\ $(MODULES_DIR)/kernel/net/netfilter/xt_NOTRACK \ ,50)) diff --git a/package/iptables/Makefile b/package/iptables/Makefile index b7f98121e..f5f2d2392 100644 --- a/package/iptables/Makefile +++ b/package/iptables/Makefile @@ -9,7 +9,7 @@ PKG_RELEASE:= 1 PKG_MD5SUM:= c67cf30e281a924def6426be0973df56 PKG_DESCR:= The netfilter firewalling software PKG_SECTION:= net -PKG_DEPENDS:= kmod-ip-nf-iptables kmod-nf-conntrack kmod-nf-conntrack-ipv4 kmod-nf-nat kmod-ip-nf-target-masquerade kmod-ip-nf-target-reject kmod-ip-nf-filter +PKG_DEPENDS:= kmod-ip-nf-iptables kmod-nf-conntrack kmod-nf-conntrack-ipv4 kmod-nf-nat kmod-ip-nf-target-masquerade kmod-ip-nf-target-reject kmod-ip-nf-filter kmod-ip-nf-match-state kmod-netfilter-xt-target-tcpmss PKG_URL:= http://www.netfilter.org PKG_SITES:= http://www.netfilter.org/projects/iptables/files/ \ ftp://ftp.be.netfilter.org/pub/netfilter/iptables/ \ diff --git a/package/iptables/files/firewall.conf b/package/iptables/files/firewall.conf index bc9a39c41..2c8faaa34 100644 --- a/package/iptables/files/firewall.conf +++ b/package/iptables/files/firewall.conf @@ -1,13 +1,11 @@ #!/bin/sh - - echo "configure /etc/firewall.conf first." exit 1 ### Interfaces WAN=ppp0 LAN=br0 -WLAN= +WLAN=wlan0 ###################################################################### ### Default ruleset 
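Review bot: In the first firewall.conf hunk, `WLAN=wlan0` gives the variable a concrete default where it used to be empty, but nothing tells the admin what to do on a board without that interface. The rules that use `$WLAN` are outside the hunk, so whether they fail or are skipped there cannot be judged from here. I would add a comment above the assignment, e.g. `# WLAN: wireless interface; change it, or remove the WLAN rules below, if the board has none`. The `echo`/`exit 1` stub at the top is kept, so as shipped the script stops before it installs any rule; a one-line comment saying that no filtering is active until the stub is removed would make that state explicit.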
@@ -29,7 +27,7 @@ iptables -P FORWARD DROP # base case iptables -A INPUT -m state --state INVALID -j DROP iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -iptables -A INPUT -p tcp --tcp-flags SYN SYN --tcp-option \! 2 -j DROP +iptables -A INPUT -p tcp --tcp-flags SYN SYN \! --tcp-option 2 -j DROP # custom rules iptables -A INPUT -j input_rule diff --git a/target/linux/config/Config.in.netfilter b/target/linux/config/Config.in.netfilter index 79acfe564..8b818a695 100644 --- a/target/linux/config/Config.in.netfilter +++ b/target/linux/config/Config.in.netfilter @@ -189,6 +189,11 @@ config ADK_KPACKAGE_KMOD_NETFILTER_XT_TARGET_NFQUEUE As opposed to QUEUE, it supports 65535 different queues, not just one. +config ADK_KPACKAGE_KMOD_NETFILTER_XT_TARGET_TCPMSS + tristate 'TCPMSS target' + select ADK_KERNEL_NETFILTER_XTABLES + help + endmenu menu "IP: Netfilter Configuration" |
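Review bot: The corrected SYN rule in the second firewall.conf hunk has no comment saying what it filters, and the placement of `\!` is easy to get wrong again. A line above it such as `# drop new TCP SYNs that carry no MSS option (TCP option kind 2)` would record the intent. The visible lines do not check the exit status of any `iptables` call, so a rule that fails to parse is skipped and the rest of the ruleset still loads, which is presumably how the old form went unnoticed. If that holds for the whole script, `set -e` after the configuration stub would turn such a failure into a visible error instead of a silently thinner ruleset.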
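Review bot: The new `ADK_KPACKAGE_KMOD_NETFILTER_XT_TARGET_TCPMSS` entry in Config.in.netfilter ends with a `help` keyword that has no text under it, so the configuration menu shows nothing for this option. The neighbouring NFQUEUE entry carries a description, and this one should too, for example `Adds the TCPMSS target, which rewrites the MSS option of TCP SYN packets, usually to clamp it to the path MTU.` That also tells a reader of the iptables package why the module is now in `PKG_DEPENDS`.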