global: remove automatic notrack rules
diff --git a/zones.c b/zones.c
index a95e363a7792c497951d9c1a2e4c63e738677831..8b4bbcd09879b7cf76db5b5f3ac9c1a9f74a6f1f 100644 (file)
--- a/zones.c
+++ b/zones.c
@@ -73,7 +73,6 @@ const struct fw3_option fw3_zone_opts[] = {
        FW3_OPT("extra_src",           string,   zone,     extra_src),
        FW3_OPT("extra_dest",          string,   zone,     extra_dest),
 
-       FW3_OPT("conntrack",           bool,     zone,     conntrack),
        FW3_OPT("mtu_fix",             bool,     zone,     mtu_fix),
        FW3_OPT("custom_chains",       bool,     zone,     custom_chains),
 
@@ -217,7 +216,6 @@ fw3_load_zones(struct fw3_state *state, struct uci_package *p)
                if (zone->masq)
                {
                        fw3_setbit(zone->flags[0], FW3_FLAG_SNAT);
-                       zone->conntrack = true;
                }
 
                if (zone->custom_chains)
@@ -268,9 +266,6 @@ print_zone_chain(struct fw3_ipt_handle *handle, struct fw3_state *state,
        if (zone->custom_chains)
                set(zone->flags, handle->family, FW3_FLAG_CUSTOM_CHAINS);
 
-       if (!zone->conntrack && !state->defaults.drop_invalid)
-               set(zone->flags, handle->family, FW3_FLAG_NOTRACK);
-
        for (c = zone_chains; c->format; c++)
        {
                /* don't touch user chains on selective stop */
@@ -488,7 +483,6 @@ static void
 print_zone_rule(struct fw3_ipt_handle *handle, struct fw3_state *state,
                 bool reload, struct fw3_zone *zone)
 {
-       bool disable_notrack = state->defaults.drop_invalid;
        bool first_src, first_dest;
        struct fw3_address *msrc;
        struct fw3_address *mdest;
@@ -620,15 +614,6 @@ print_zone_rule(struct fw3_ipt_handle *handle, struct fw3_state *state,
                break;
 
        case FW3_TABLE_RAW:
-               if (!zone->conntrack && !disable_notrack)
-               {
-                       r = fw3_ipt_rule_new(handle);
-                       fw3_ipt_rule_target(r, "CT");
-                       fw3_ipt_rule_addarg(r, false, "--notrack", NULL);
-                       fw3_ipt_rule_append(r, "zone_%s_notrack", zone->name);
-               }
-               break;
-
        case FW3_TABLE_MANGLE:
                break;
        }
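Review bot: After this deletion `case FW3_TABLE_RAW:` is an empty label that shares the `break` of `case FW3_TABLE_MANGLE:`, which reads like a lost `break` rather than a decision. A one-line comment above the two labels, for example `/* nothing to emit here for the raw or mangle table */`, would record that the shared branch is intended. In effect, a zone that previously had conntrack disabled is now tracked like every other zone, so state-based matching applies to it; that is the more conservative default, but it deserves a line in the option documentation for anyone who still has `option conntrack` in a zone section. print_zone_rule begins and ends outside this hunk, so it cannot be confirmed from here whether `FW3_FLAG_NOTRACK` or a `zone_%s_notrack` chain entry is still referenced elsewhere and is now dead.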