From: Oleg I. Vdovikin <oleg@cs.msu.su>
Date: Sun, 5 Jun 2005 06:20:09 +0000 (+0000)
Subject: relates connections should be mss clamped too
X-Git-Url: http://git.cdn.openwrt.org/?a=commitdiff_plain;h=825ab4dd9aceb0fd02ac7c92a8b2786457947089;p=openwrt%2Fsvn-archive%2Farchive.git

relates connections should be mss clamped too


SVN-Revision: 1142
---

diff --git a/openwrt/target/default/target_skeleton/etc/init.d/S45firewall b/openwrt/target/default/target_skeleton/etc/init.d/S45firewall
index 072f411a9f..8f9b9404e5 100755
--- a/openwrt/target/default/target_skeleton/etc/init.d/S45firewall
+++ b/openwrt/target/default/target_skeleton/etc/init.d/S45firewall
@@ -63,8 +63,8 @@ iptables -t nat -N postrouting_rule
   # base case
   iptables -P FORWARD DROP 
   iptables -A FORWARD -m state --state INVALID -j DROP
-  iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
   iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
+  iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
 
   # allow
   iptables -A FORWARD -i br0 -o br0 -j ACCEPT