functions.m4: Only call `allow-non-init-frag' on fragments.

author Mark Wooding <mdw@distorted.org.uk>

Thu, 26 Mar 2015 21:57:00 +0000 (21:57 +0000)

committer Mark Wooding <mdw@distorted.org.uk>

Thu, 26 Mar 2015 22:15:06 +0000 (22:15 +0000)
author Mark Wooding <mdw@distorted.org.uk>
Thu, 26 Mar 2015 21:57:00 +0000 (21:57 +0000)
committer Mark Wooding <mdw@distorted.org.uk>
Thu, 26 Mar 2015 22:15:06 +0000 (22:15 +0000)
diff --git a/functions.m4 b/functions.m4

index c0b90ed..c8a08c4 100644 (file)
--- a/functions.m4
+++ b/functions.m4
@@ -239,7 +239,8 @@ m4_divert(38)m4_dnl
  run ip6tables -N accept-non-init-frag
  run ip6tables -A accept-non-init-frag -j RETURN \
         -m frag --fragfirst
-run ip6tables -A accept-non-init-frag -j ACCEPT
+run ip6tables -A accept-non-init-frag -j ACCEPT \
+       -m ipv6header --header frag
  
  m4_divert(20)m4_dnl
  ## allowservices CHAIN PROTO SERVICE ...
author	Mark Wooding <mdw@distorted.org.uk>
	Thu, 26 Mar 2015 21:57:00 +0000 (21:57 +0000)
committer	Mark Wooding <mdw@distorted.org.uk>
	Thu, 26 Mar 2015 22:15:06 +0000 (22:15 +0000)