[2/6] firewall: Don't filter output INVALID packets
Commit Message
This should never cause any problems, but will cause that certain more
complicated featured like SYNPROXY won't work.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
src/initscripts/system/firewall | 1 -
1 file changed, 1 deletion(-)
@@ -156,7 +156,6 @@ iptables_init() {
iptables -N CTOUTPUT
iptables -A CTOUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
- iptables -A CTOUTPUT -m conntrack --ctstate INVALID -j CTINVALID
iptables -A CTOUTPUT -p icmp -m conntrack --ctstate RELATED -j ACCEPT
# Restore any connection marks