-
Lorenzo Colitti authored
The behaviour of the firewallReplaceUidChain was incorrect in several ways: 1. It was missing the "always allow TCP RST packets" rules which were added in http://ag/963000 . 2. It included a RETURN statement at the end of blacklist chains, which is superfluous since all user-defined chains implicitly return, and became incorrect when http://ag/963000 switched the behaviour of blacklist chains from inserting new rules at the beginning to appending them at the end. 3. It was missing the rules to allow the types of ICMPv6 packets that are critical in maintaining connectivity. By itself, this change is a no-op since nothing currently calls firewallReplaceUidRule. Bug: 26675191 Change-Id: I985e6861812908cbe7eaf0f54ca0ad39c22bbfeb
f157caf3
