Do not emit extra drop invalid rule if drop invalid is already enacted in base table.

openwrt / firewall4

[MIRROR] OpenWrt nftables firewall

https://git.openwrt.org/?p=project/firewall4.git;

17 stars 13 forks source link

Do not emit extra drop invalid rule if drop invalid is already enacted in base table. #13

Closed brada4 closed 1 year ago

brada4 commented 1 year ago

Completes: https://github.com/openwrt/firewall4/commit/119ee1a06d4a5e5fd01ec1a242d21d6f355d7ff6 Signed-off-by: Andris PE <neandris..gmail.com>

On 23.05 and snapshot the wan interface invalid+drop rule unnecessarily persists when invalid states is dropped globally and the rule cannot catch anything at all, so remove it as the effect is achieved by default and to global extent. @jow-

jow- commented 1 year ago

Merged via 7392792e768b4d5c373f66ec400fd4100df1b4e0 - thanks!