gluon-firewall: enable conntrack on WAN

Otherwise, the state match doesn't work, not allowing replies to outgoing packets to get in.
2014-06-13 21:56:32 +02:00 · 2014-06-13 21:56:32 +02:00 · 14ea7980f6
commit 14ea7980f6
parent d3d22a17d1
1 changed files with 1 additions and 0 deletions
--- a/package/gluon-firewall/files/lib/gluon/upgrade/firewall/invariant/011-wan-firewall
+++ b/package/gluon-firewall/files/lib/gluon/upgrade/firewall/invariant/011-wan-firewall
@ -9,6 +9,7 @@ local c = uci.cursor()
 local function reject_input_on_wan(zone)
 	if zone.name == 'wan' then
 		c:set('firewall', zone['.name'], 'input', 'REJECT')
+		c:set('firewall', zone['.name'], 'conntrack', '1')
 	end

 	return true