relates connections should be mss clamped too

git-svn-id: svn://svn.openwrt.org/openwrt/trunk/openwrt@1142 3c298f89-4303-0410-b956-a3cf2f4a3e73
author: oleg <oleg@3c298f89-4303-0410-b956-a3cf2f4a3e73> 2005-06-05 06:20:09 +0000
committer: oleg <oleg@3c298f89-4303-0410-b956-a3cf2f4a3e73> 2005-06-05 06:20:09 +0000
commit: 8f1086e5c9b2a66a8774ff8688517a34cd75d968 (patch)
tree: 9f3c51e822a9c0535456882bc8c9accd3fa185ec /target
parent: 933cf2babfd76f50f2cf6e01e22bf7f4135b1250 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/target/default/target_skeleton/etc/init.d/S45firewall b/target/default/target_skeleton/etc/init.d/S45firewall
index 072f411a9..8f9b9404e 100755
--- a/target/default/target_skeleton/etc/init.d/S45firewall
+++ b/target/default/target_skeleton/etc/init.d/S45firewall
@@ -63,8 +63,8 @@ iptables -t nat -N postrouting_rule
   # base case
   iptables -P FORWARD DROP 
   iptables -A FORWARD -m state --state INVALID -j DROP
-  iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
   iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
+  iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
 
   # allow
   iptables -A FORWARD -i br0 -o br0 -j ACCEPT
author	oleg <oleg@3c298f89-4303-0410-b956-a3cf2f4a3e73>	2005-06-05 06:20:09 +0000
committer	oleg <oleg@3c298f89-4303-0410-b956-a3cf2f4a3e73>	2005-06-05 06:20:09 +0000
commit	8f1086e5c9b2a66a8774ff8688517a34cd75d968 (patch)
tree	9f3c51e822a9c0535456882bc8c9accd3fa185ec /target
parent	933cf2babfd76f50f2cf6e01e22bf7f4135b1250 (diff)