(parent: df1306a)
firewall3: remove redundant syn check
author Kevin Darbyshire-Bryant <[email protected]> Sun, 25 Apr 2021 17:40:52 +0000 (18:40 +0100)
committer Rui Salvaterra <[email protected]> Sat, 8 Jan 2022 11:33:58 +0000 (11:33 +0000)
syn_flood chain entry is guarded by '--syn' checks in the calling chains, so the
syn_flood chain doesn't need to check packet flags, it only needs to count and
potentially drop.
Signed-off-by: Kevin Darbyshire-Bryant <[email protected]>
diff --git
a/defaults.c
b/defaults.c
index 7ad4fbae8439177f9b04f637ff9fa8c22f70e635..8a9a9295f00500ca7ba655de111acc643d41b214 100644
(file)
--- a/
defaults.c
+++ b/
defaults.c
@@
-278,8
+278,7
@@
fw3_print_default_head_rules(struct fw3_ipt_handle *handle,
if (defs->syn_flood)
{
- r = fw3_ipt_rule_create(handle, &tcp, NULL, NULL, NULL, NULL);
- fw3_ipt_rule_extra(r, "--syn");
+ r = fw3_ipt_rule_create(handle, NULL, NULL, NULL, NULL, NULL);
fw3_ipt_rule_limit(r, &defs->syn_flood_rate);
fw3_ipt_rule_target(r, "RETURN");
fw3_ipt_rule_append(r, "syn_flood");
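Review bot: The rule created with fw3_ipt_rule_create(handle, NULL, NULL, NULL, NULL, NULL) in the syn_flood block now applies the limit and RETURN to any packet that reaches the chain, so the chain is only correct while every jump into syn_flood carries its own TCP and '--syn' match, and nothing in this hunk records that. A short comment above the call stating that callers must guard entry with '--syn' would keep a later jump added without the match from silently rate limiting and dropping non-SYN traffic. It is also worth checking that the tcp protocol variable is still referenced elsewhere in fw3_print_default_head_rules now that &tcp is no longer passed here; if not, it should be removed in the same commit.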