Diff for scripts/shell/firewall/default-firewall.conf between version 2.29 and 2.30
version 2.29, 2008/04/13 19:27:00 |
version 2.30, 2009/01/16 23:33:32 |
|
|
# 2004-11-14 - created |
# 2004-11-14 - created |
# |
# |
|
|
# $Platon: scripts/shell/firewall/default-firewall.conf,v 2.28 2008-02-02 22:57:54 rajo Exp $ |
# $Platon: scripts/shell/firewall/default-firewall.conf,v 2.29 2008-04-13 19:27:00 rajo Exp $ |
|
|
# uncomment next line for debugging |
# uncomment next line for debugging |
#DEBUG="echo " |
#DEBUG="echo " |
|
|
DEFAULT_POLICY="DROP" |
DEFAULT_POLICY="DROP" |
|
|
# which modules to load |
# which modules to load |
MODULES="ipt_LOG ipt_REJECT ip_conntrack_ftp ip_nat_ftp" |
# |
|
# https://dev.openwrt.org/ticket/3527 |
|
# For the kernel part, since 2.6.25 tos/TOS kernel modules have been merged with dscp/DSCP modules in xt_dscp.ko and xt_DSCP.ko. There is no more ipt_(tos|TOS).ko. |
|
# |
|
# Concerning the iptables modules, libipt_(tos|TOS).so installation depends (in |
|
# include/netfilter.mk) on CONFIG_IP_NF_(TARGET|MATCH)_TOS symbols which no |
|
# longer exist. tos/TOS modules are not included for installation. |
|
# |
|
# I don't know if there is a quick fix around the CONFIG_IP_NF_(TARGET|MATCH)_TOS symbols... |
|
# |
|
# The best solution would be to upgrade netfilter to 1.4.1.1 when using a kernel version >= 2.6.25. |
|
MODULES="ipt_LOG ipt_REJECT ip_conntrack_ftp ip_nat_ftp ipt_TOS xt_DSCP" |
|
|
# Turn on and turn off logging via syslog |
# Turn on and turn off logging via syslog |
# Default: on |
# Default: on |
Platon Group <platon@platon.org> http://platon.org/
|
|