firewall: flush conntrack table after changing interface rules

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@35348 3c298f89-4303-0410-b956-a3cf2f4a3e73

2 files changed, 5 insertions, 2 deletions

diff --git a/package/network/config/firewall/Makefile b/package/network/config/firewall/Makefile
index 1cfc734a32..fce0a808cd 100644
--- a/package/network/config/firewall/Makefile
+++ b/package/network/config/firewall/Makefile
@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2008-2012 OpenWrt.org
+# Copyright (C) 2008-2013 OpenWrt.org
 #
 # This is free software, licensed under the GNU General Public License v2.
 # See /LICENSE for more information.
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=firewall
 
 PKG_VERSION:=2
-PKG_RELEASE:=56
+PKG_RELEASE:=57
 
 include $(INCLUDE_DIR)/package.mk
 
diff --git a/package/network/config/firewall/files/lib/core_interface.sh b/package/network/config/firewall/files/lib/core_interface.sh
index 3d6718431f..7400e2d351 100644
--- a/package/network/config/firewall/files/lib/core_interface.sh
+++ b/package/network/config/firewall/files/lib/core_interface.sh
@@ -106,6 +106,9 @@ fw_configure_interface() {
 		fw $action $mode r PREROUTING ${chain}_notrack    $ { -i "$ifname" $inet }
 		fw $action $mode n POSTROUTING ${chain}_nat       $ { -o "$ifname" $onet }
 
+		# Flush conntrack table
+		echo f >/proc/net/nf_conntrack 2>/dev/null
+
 		lock -u /var/run/firewall-interface.lock
 	}