mind fragments in fw simple example

2016-10-20 19:04:18 +02:00 · 2016-10-20 19:04:18 +02:00 · 6bb2c7a8e4
commit 6bb2c7a8e4
parent 479bfe4c60
2 changed files with 5 additions and 3 deletions
--- a/examples/simple/create-fw.sh
+++ b/examples/simple/create-fw.sh
@ -35,8 +35,10 @@ RANDOM_FILE=`pwd`/${RANDOM_FILE_NAME}
 #disable connection tracking for ts3 server
 sudo ${IPTABLES} -t raw -A PREROUTING -p udp --dport 9987 -j CT --notrack

-#move ts3 traffic to TS3_TRAFFIC chain, and filetransfer to TCP chain
-sudo ${IPTABLES} -A INPUT -p udp --dport 9987 -j TS3_UDP_TRAFFIC
+#move ts3 traffic to TS3_TRAFFIC chain (do not allow fragments)
+sudo ${IPTABLES} -A INPUT -p udp --dport 9987 \! -f -j TS3_UDP_TRAFFIC
+
+#move filetransfer to TCP chain
 sudo ${IPTABLES} -A INPUT -p tcp --dport 30033 -j TS3_TCP_TRAFFIC

 #Allow authorized clients on UDP
--- a/examples/simple/delete-fw.sh
+++ b/examples/simple/delete-fw.sh
@ -13,7 +13,7 @@ fi

 #clear up ${IPTABLES}
 sudo ${IPTABLES} -t raw -D PREROUTING -p udp --dport 9987 -j CT --notrack
-sudo ${IPTABLES} -D INPUT -p udp --dport 9987 -j TS3_UDP_TRAFFIC
+sudo ${IPTABLES} -D INPUT -p udp --dport 9987 \! -f -j TS3_UDP_TRAFFIC
 sudo ${IPTABLES} -D INPUT -p tcp --dport 30033 -j TS3_TCP_TRAFFIC

 sudo ${IPTABLES} -F TS3_UDP_TRAFFIC