From 098142b23269577558d17545033c302ab73b215e Mon Sep 17 00:00:00 2001
From: Stephen Gran <steve@lobefin.net>
Date: Sat, 20 Feb 2010 20:38:36 +0000
Subject: [PATCH] move INVALID handler after ICMP handler due to ip6tables bug

Signed-off-by: Stephen Gran <steve@lobefin.net>
---
 modules/ferm/files/ferm.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/ferm/files/ferm.conf b/modules/ferm/files/ferm.conf
index 55960209..166d5170 100644
--- a/modules/ferm/files/ferm.conf
+++ b/modules/ferm/files/ferm.conf
@@ -10,8 +10,8 @@ domain (ip ip6) {
                policy DROP;
                mod state state (ESTABLISHED RELATED) ACCEPT;
                interface lo ACCEPT;
-               mod state state (INVALID) DROP;
                proto icmp ACCEPT;
+               proto (tcp udp) mod state state (INVALID) DROP;
        }
 }
 
-- 
2.39.2