@@ -1,7 +1,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=fff-firewall
-PKG_VERSION:=2
+PKG_VERSION:=3
PKG_RELEASE:=1
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)
@@ -16,7 +16,8 @@ define Package/$(PKG_NAME)
DEPENDS:=+arptables \
+ebtables +ebtables-utils \
+kmod-ebtables-ipv4 +kmod-ebtables-ipv6 \
- +iptables-mod-filter +iptables-mod-ipopt +iptables-mod-conntrack-extra
+ +iptables-mod-filter +iptables-mod-ipopt +iptables-mod-conntrack-extra \
+ +kmod-nf-conntrack6
endef
define Package/$(PKG_NAME)/description
@@ -3,5 +3,5 @@ iptables -A INPUT -i $IF_WAN -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEP
iptables -A INPUT -i $IF_WAN -j REJECT
# Limit ssh to 6 new connections per 60 seconds
-/usr/sbin/ip6tables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name dropbear
-/usr/sbin/ip6tables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 6 --rttl --name dropbear -j DROP
+/usr/sbin/ip6tables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --set --name dropbear
+/usr/sbin/ip6tables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 60 --hitcount 6 --rttl --name dropbear -j DROP