openwrt/package
Baptiste Jonglez ef597b026b firewall: config: drop input traffic by default
This is necessary with firewall4 to avoid a hard-to-diagnose race
condition during boot, causing DNAT rules not to be taken into account
correctly.

The root cause is that, during boot, the ruleset is mostly empty, and
interface-related rules (including DNAT rules) are added incrementally.
If a packet hits the input chain before the DNAT rules are set up, it can
create buggy conntrack entries that will persist indefinitely.

This new default should be safe because firewall4 explicitly accepts
authorized traffic and rejects the rest.  Thus, in normal operations, the
default policy is not used.

Fixes: #10749
Ref: https://github.com/openwrt/openwrt/issues/10749
Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
2022-11-01 23:25:39 +01:00
base-files base-files: bring back nand_do_upgrade_success 2022-10-30 20:26:12 +00:00
boot uboot-envtools: Fix format of autogenerated sectors 2022-11-01 18:04:38 +01:00
devel gdb: add patch adding support for readline 8.2 2022-10-23 18:16:03 +02:00
firmware linux-firmware: update to 20221012 2022-10-22 21:10:34 +02:00
kernel kernel: Add kmod-drm-ttm-helper 2022-11-01 14:47:14 +01:00
libs libnl-tiny: update to the latest version 2022-11-01 18:04:39 +01:00
network firewall: config: drop input traffic by default 2022-11-01 23:25:39 +01:00
system fstools: update to git HEAD 2022-10-18 20:08:39 +01:00
utils mtd-utils: update to 2.1.5 2022-10-22 19:55:52 +02:00
Makefile build: fix opkg install step for large package selection 2021-05-12 11:13:53 +02:00