firewall: flush conntrack table after changing interface rules

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@35348 3c298f89-4303-0410-b956-a3cf2f4a3e73
2013-01-28 15:53:44 +00:00 · 2013-01-28 15:53:44 +00:00 · 1b4e6e5e76
parent 88d95b7acc
commit 1b4e6e5e76
2 changed files with 5 additions and 2 deletions
--- a/package/network/config/firewall/Makefile
+++ b/package/network/config/firewall/Makefile
@ -1,5 +1,5 @@
 #
-# Copyright (C) 2008-2012 OpenWrt.org
+# Copyright (C) 2008-2013 OpenWrt.org
 #
 # This is free software, licensed under the GNU General Public License v2.
 # See /LICENSE for more information.
@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=firewall

 PKG_VERSION:=2
-PKG_RELEASE:=56
+PKG_RELEASE:=57

 include $(INCLUDE_DIR)/package.mk

--- a/package/network/config/firewall/files/lib/core_interface.sh
+++ b/package/network/config/firewall/files/lib/core_interface.sh
@ -106,6 +106,9 @@ fw_configure_interface() {
 		fw $action $mode r PREROUTING ${chain}_notrack    $ { -i "$ifname" $inet }
 		fw $action $mode n POSTROUTING ${chain}_nat       $ { -o "$ifname" $onet }

+		# Flush conntrack table
+		echo f >/proc/net/nf_conntrack 2>/dev/null
+
 		lock -u /var/run/firewall-interface.lock
 	}