port [6229] to kamikaze

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@6275 3c298f89-4303-0410-b956-a3cf2f4a3e73
author: nbd <nbd@3c298f89-4303-0410-b956-a3cf2f4a3e73> 2007-02-08 01:25:18 +0000
committer: nbd <nbd@3c298f89-4303-0410-b956-a3cf2f4a3e73> 2007-02-08 01:25:18 +0000
commit: b89ba4c713c6c315103c84fea2bed1d451820c58 (patch)
tree: d46b6bfdff0a783da768660baef6ad0bdb90373e /package/iptables
parent: 7af01d4894b972bc4b40b85b87f0059e1d9ab1d7 (diff)
1 files changed, 7 insertions, 2 deletions
diff --git a/package/iptables/files/firewall.init b/package/iptables/files/firewall.init
index a4014f3ee..290bae1ea 100755
--- a/package/iptables/files/firewall.init
+++ b/package/iptables/files/firewall.init
@@ -22,7 +22,8 @@ start() {
 	iptables -N output_rule
 	iptables -N forwarding_rule
 	iptables -N forwarding_wan
-	
+
+	iptables -t nat -N NEW
 	iptables -t nat -N prerouting_rule
 	iptables -t nat -N prerouting_wan
 	iptables -t nat -N postrouting_rule
@@ -99,11 +100,15 @@ start() {
 	# uses the default -P DROP
 	
 	### MASQ
+	iptables -t nat -A PREROUTING -m state --state NEW -j NEW 
 	iptables -t nat -A PREROUTING -j prerouting_rule
 	[ -z "$WAN" ] || iptables -t nat -A PREROUTING -i "$WAN" -j prerouting_wan
 	iptables -t nat -A POSTROUTING -j postrouting_rule
 	[ -z "$WAN" ] || iptables -t nat -A POSTROUTING -o $WAN -j MASQUERADE
-	
+
+	iptables -t nat -A NEW -m limit --limit 50 --limit-burst 100 -j RETURN && \
+		iptables -t nat -A NEW -j DROP
+
 	## USER RULES
 	[ -f /etc/firewall.user ] && . /etc/firewall.user
 	[ -n "$WAN" -a -e /etc/config/firewall ] && {
author	nbd <nbd@3c298f89-4303-0410-b956-a3cf2f4a3e73>	2007-02-08 01:25:18 +0000
committer	nbd <nbd@3c298f89-4303-0410-b956-a3cf2f4a3e73>	2007-02-08 01:25:18 +0000
commit	b89ba4c713c6c315103c84fea2bed1d451820c58 (patch)
tree	d46b6bfdff0a783da768660baef6ad0bdb90373e /package/iptables
parent	7af01d4894b972bc4b40b85b87f0059e1d9ab1d7 (diff)