firewall: flush conntrack table after changing interface rules

SVN-Revision: 35348
12 years ago · 839f3ab0e7
parent ec41a6a08c
commit 839f3ab0e7
2 changed files with 5 additions and 2 deletions
--- a/package/network/config/firewall/Makefile
+++ b/package/network/config/firewall/Makefile
@ -1,5 +1,5 @@
 #
-# Copyright (C) 2008-2012 OpenWrt.org
+# Copyright (C) 2008-2013 OpenWrt.org
 #
 # This is free software, licensed under the GNU General Public License v2.
 # See /LICENSE for more information.
@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=firewall

 PKG_VERSION:=2
-PKG_RELEASE:=56
+PKG_RELEASE:=57

 include $(INCLUDE_DIR)/package.mk

--- a/package/network/config/firewall/files/lib/core_interface.sh
+++ b/package/network/config/firewall/files/lib/core_interface.sh
@ -106,6 +106,9 @@ fw_configure_interface() {
 		fw $action $mode r PREROUTING ${chain}_notrack    $ { -i "$ifname" $inet }
 		fw $action $mode n POSTROUTING ${chain}_nat       $ { -o "$ifname" $onet }

+		# Flush conntrack table
+		echo f >/proc/net/nf_conntrack 2>/dev/null
+
 		lock -u /var/run/firewall-interface.lock
 	}