iptables: drop redundant rules about forwarding

There is actually no point in keeping those 2 rules as the default action in `FORWARD` chain is `ACCEPT` anyways. Removing them helps to save a few CPU cycles. Submitted by: Anton Saietskii <vsasjason@gmail.com>
author: PÁLI Gábor János <pali.gabor@gmail.com> 2024-03-19 11:01:46 +0100
committer: PÁLI Gábor János <pali.gabor@gmail.com> 2024-03-24 14:49:56 +0100
commit: 12cb08b82a8d2dd7ff40d11c02178de916d835e8 (patch)
tree: ab8f68b5ce6fb670de451ff1b61d3929047a27cb /etc/optional/ipv6/hostapd
parent: d7e702dd5529860e3d97a84e387bad95573f5894 (diff)
download: freebsd-wifibox-alpine-12cb08b82a8d2dd7ff40d11c02178de916d835e8.zip
1 files changed, 1 insertions, 4 deletions
diff --git a/etc/optional/ipv6/hostapd/appliance/ip6tables.sample b/etc/optional/ipv6/hostapd/appliance/ip6tables.sample
index a2dd906..f612a24 100644
--- a/etc/optional/ipv6/hostapd/appliance/ip6tables.sample
+++ b/etc/optional/ipv6/hostapd/appliance/ip6tables.sample
@@ -9,15 +9,12 @@
 
 *filter
 :INPUT ACCEPT [0:0]
-:FORWARD ACCEPT [0:0]
 :OUTPUT ACCEPT [0:0]
-[0:0] -A FORWARD -i wlan0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-[0:0] -A FORWARD -i wlan0 -o eth0 -j ACCEPT
 COMMIT
 *nat
-:PREROUTING ACCEPT [0:0]
 :INPUT ACCEPT [0:0]
 :OUTPUT ACCEPT [0:0]
+:PREROUTING ACCEPT [0:0]
 :POSTROUTING ACCEPT [0:0]
 [0:0] -A POSTROUTING -o eth0 -j MASQUERADE
 COMMIT
author	PÁLI Gábor János <pali.gabor@gmail.com>	2024-03-19 11:01:46 +0100
committer	PÁLI Gábor János <pali.gabor@gmail.com>	2024-03-24 14:49:56 +0100
commit	12cb08b82a8d2dd7ff40d11c02178de916d835e8 (patch)
tree	ab8f68b5ce6fb670de451ff1b61d3929047a27cb /etc/optional/ipv6/hostapd
parent	d7e702dd5529860e3d97a84e387bad95573f5894 (diff)
download	freebsd-wifibox-alpine-12cb08b82a8d2dd7ff40d11c02178de916d835e8.zip