projects / project / firewall4.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 00fc694)
config: drop to-be-forwarded-nowhere packets on wans
authorAndris PE <[email protected]>
Thu, 29 Feb 2024 14:17:03 +0000 (16:17 +0200)
committerJo-Philipp Wich <[email protected]>
Mon, 17 Mar 2025 15:46:41 +0000 (16:46 +0100)
Dropping packets with no clear forward destination is nicer than rejecting
them. Especially when some providers punish users for spoofing caused by
their noisy infra.

Fixes: https://github.com/openwrt/openwrt/issues/13340
Signed-Off-By: Andris PE <[email protected]>
root/etc/config/firewall patch | blob | history

diff --git a/root/etc/config/firewall b/root/etc/config/firewall
index d78a00c28988909971898fdbd275aff4ae94b788..48b2440bea70a38ee15c9a9339224b9ec1a415fa 100644 (file)
--- a/root/etc/config/firewall
+++ b/root/etc/config/firewall
@@ -19,7 +19,7 @@ config zone
        list   network          'wan6'
        option input            REJECT
        option output           ACCEPT
-       option forward          REJECT
+       option forward          DROP
        option masq             1
        option mtu_fix          1
 
OpenWrt nftables firewall