Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit f157caf3 authored by Lorenzo Colitti's avatar Lorenzo Colitti
Browse files

Make firewallReplaceUidChain match the behaviour of createChain. 

The behaviour of the firewallReplaceUidChain was incorrect in
several ways:

1. It was missing the "always allow TCP RST packets" rules which
   were added in http://ag/963000 .
2. It included a RETURN statement at the end of blacklist chains,
   which is superfluous since all user-defined chains implicitly
   return, and became incorrect when http://ag/963000 switched the
   behaviour of blacklist chains from inserting new rules at the
   beginning to appending them at the end.
3. It was missing the rules to allow the types of ICMPv6 packets
   that are critical in maintaining connectivity.

By itself, this change is a no-op since nothing currently calls
firewallReplaceUidRule.

Bug: 26675191
Change-Id: I985e6861812908cbe7eaf0f54ca0ad39c22bbfeb
parent 54ecf16d
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment