firewall: drop invalid by default, remove chain indirection, fix invert flags (#21738)

* Enable drop_invalid by default to catch unnatted packets (#21738)
* Fix processing of inversions for -i, -o, -s, -d and -p flags
* Remove delegate_* chain indirection but rely on xt_id to identify own rules

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 48551
This commit is contained in:
Jo-Philipp Wich 2016-01-29 17:26:41 +00:00
parent a6fe27a59a
commit 6064710b90

View File

@ -1,5 +1,5 @@
#
# Copyright (C) 2013-2015 OpenWrt.org
# Copyright (C) 2013-2016 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
@ -8,13 +8,13 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=firewall
PKG_VERSION:=2015-07-27
PKG_VERSION:=2016-01-29
PKG_RELEASE:=$(PKG_SOURCE_VERSION)
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL=$(OPENWRT_GIT)/project/firewall3.git
PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
PKG_SOURCE_VERSION:=980b7859bbd1db1e5e46422fccccbce38f9809ab
PKG_SOURCE_VERSION:=8957be6c026858fe414aef69281d8aa06f7ea122
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
PKG_MAINTAINER:=Jo-Philipp Wich <jow@openwrt.org>
PKG_LICENSE:=ISC