scripts: restore fw3 ct flush behavior

Open brada4 opened this issue 11 months ago • 2 comments

Flush conntrack if fw4 is started with fw4 table absent.
Approximates fw3 ct flush when no iptables rules are present.
Prevents (deletes) eternal ghost states created at early boot.
Also treat flush action called stopping the service, emulate 'destroy table' to stay v23 compatible.

Signed-off-by: Andris PE [email protected]

brada4 • May 11 '25 19:05

Raised here first: https://forum.openwrt.org/t/firewall-control-over-established-sessions/228684

~~Request to fully document nft table create upstream: https://bugzilla.netfilter.org/show_bug.cgi?id=1800 Alternative would be to create and add test chain which fails in absence of parent table.~~

brada4 • May 11 '25 19:05

Changed to draft, got better (performant) idea in works not needing echo f kernel patch.

brada4 • Jun 19 '25 11:06
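
The start and stop behaviour described in the commit message at the top of this thread, sketched as an added example; it is not the code from this change. `NFT` and `CT_FLUSH` are hypothetical override variables, and using `conntrack -F` for the flush and add-then-delete in place of `destroy table` are assumptions about one way to do it.

```shell
#!/bin/sh
# Added illustration; not the code from the firewall4 change.
# NFT and CT_FLUSH are hypothetical hooks (assumptions) so the logic can be
# exercised with stubs; the defaults are the real nft and conntrack CLIs.
NFT="${NFT:-nft}"
CT_FLUSH="${CT_FLUSH:-conntrack -F}"

# True when the fw4 ruleset is already loaded in the kernel.
fw4_table_present() {
	$NFT list table inet fw4 >/dev/null 2>&1
}

# Start path: if no fw4 table exists yet, every conntrack entry was created
# without the ruleset having judged it, so drop them all before loading rules.
# Prints the decision: "flush" or "keep".
fw4_ct_on_start() {
	if fw4_table_present; then
		echo keep
		return 0
	fi
	$CT_FLUSH >/dev/null 2>&1 || return 1
	echo flush
}

# Stop/flush path: remove the table whether or not it exists, without the
# newer "destroy table" command (add is idempotent, so the delete that
# follows cannot fail on absence), then flush conntrack as well.
fw4_ct_on_stop() {
	$NFT add table inet fw4 >/dev/null 2>&1 || return 1
	$NFT delete table inet fw4 >/dev/null 2>&1 || return 1
	$CT_FLUSH >/dev/null 2>&1 || return 1
	echo flush
}
```

A restart or reload with the table already present reports `keep`, so established sessions are only dropped when the ruleset was not there to have admitted them.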