From 7aabd41def3b5fbe27487de38e8dec04caeb2ea1 Mon Sep 17 00:00:00 2001
From: toby
Date: Sun, 4 Nov 2018 19:19:09 +0000
Subject: [PATCH] simplifying and adding flexibility to the NOTRACK rules
---
 files/firewall | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/files/firewall b/files/firewall
index 9101088..43c7869 100755
--- a/files/firewall
+++ b/files/firewall
@@ -51,8 +51,10 @@ case $1 in
  iptables -t nat -F
  iptables -t raw -F
- iptables -t raw -A PREROUTING ! -i mgmt1 -j NOTRACK
- iptables -t raw -A OUTPUT ! -o mgmt -j NOTRACK
+ iptables -t raw -A PREROUTING -i mgmt1 -j ACCEPT
+ iptables -t raw -A OUTPUT -o mgmt -j ACCEPT
+ iptables -t raw -A PREROUTING -j NOTRACK
+ iptables -t raw -A OUTPUT -j NOTRACK
@@ -88,10 +90,15 @@ case $1 in
  ip6tables -t nat -F
  ip6tables -t raw -F
- ip6tables -t raw -A PREROUTING ! -i mgmt1 -j NOTRACK
- ip6tables -t raw -A OUTPUT ! -o mgmt -j NOTRACK
+ ip6tables -t raw -A PREROUTING -i mgmt1 -j ACCEPT
+ ip6tables -t raw -A OUTPUT -o mgmt -j ACCEPT
+ ip6tables -t raw -A PREROUTING -j NOTRACK
+ ip6tables -t raw -A OUTPUT -j NOTRACK
+ #some boxes get special addon rules
+ [ -e /etc/init.d/firewall-addon ] && source /etc/init.d/firewall-addon
+
  ;;
  stop)
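Review bot: The new raw-table rules exempt different interface names in each direction — PREROUTING accepts `-i mgmt1` while OUTPUT accepts `-o mgmt`, and `-o mgmt` matches only an interface named exactly `mgmt` (a prefix match would need `mgmt+`). If the management interface is actually `mgmt1`, outbound management replies are NOTRACKed while the inbound side is still tracked, so conntrack never sees the reply direction and any stateful filter rules on the management path may misbehave; the mismatch predates this commit but survives in the new lines, so it is worth confirming or making both `mgmt1`. The ACCEPT-in-raw idiom also deserves a comment, because ACCEPT here does not mean "allow", e.g. `# ACCEPT in the raw table only ends raw-table traversal: mgmt traffic skips the NOTRACK rule below and stays conntracked; everything else is untracked, so filter rules cannot rely on --state for it`. The enclosing case branch begins before this hunk.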
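Review bot: The addon hook sources `/etc/init.d/firewall-addon` as root without checking who owns it or whether others can write it, so a writable file at that path becomes root code execution at firewall start; `[ -f /etc/init.d/firewall-addon ] && [ -O /etc/init.d/firewall-addon ]` (or an explicit mode check) is a cheap tightening, and `-f` also stops a directory at that path from satisfying the current `-e` test. `source` is a bashism — if the script's shebang (outside this hunk) is `/bin/sh`, the portable form is `. /etc/init.d/firewall-addon`. Because this `&&` list is the last statement before `;;`, the branch exits with status 1 whenever no addon exists, which may surface as a failed start unless something after the case statement resets it; `if [ -f /etc/init.d/firewall-addon ]; then . /etc/init.d/firewall-addon; fi` avoids that. The unconditional NOTRACK rules are appended last, so an addon that wants to exempt more traffic from NOTRACK must use `-I` rather than `-A` in the raw table, and the comment should say so, e.g. `# addon rules that must run before the NOTRACK catch-all need -I, not -A`.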