global: remove automatic notrack rules

With recent Kernel versions and the introduction of the conntrack routing cache there is no need to maintain performance hacks in userspace anymore, so simply drop the generation of automatic -j CT --notrack rules for zones. This also fixes some cases where traffic is not matched for zones that do not explicitely enforce connection tracking. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
author: Jo-Philipp Wich <jo@mein.io> 2016-11-29 12:27:42 +0100
committer: Jo-Philipp Wich <jo@mein.io> 2016-11-29 12:27:42 +0100
commit: 13698aafb52c45817ee7815da3405e620657c8d0 (patch)
tree: 2773965e8ecf70d33b3fa4987404dac71c853bf0 /utils.c
parent: 0367860636aa55e9ee064709ec2814906e1f246b (diff)
download: firewall3-13698aafb52c45817ee7815da3405e620657c8d0.tar.gz
1 files changed, 0 insertions, 5 deletions
diff --git a/utils.c b/utils.c
index aca98d5..537c629 100644
--- a/utils.c
+++ b/utils.c
@@ -463,11 +463,6 @@ write_zone_uci(struct uci_context *ctx, struct fw3_zone *z,
 	uci_set(ctx, &ptr);
 
 	ptr.o      = NULL;
-	ptr.option = "conntrack";
-	ptr.value  = z->conntrack ? "1" : "0";
-	uci_set(ctx, &ptr);
-
-	ptr.o      = NULL;
 	ptr.option = "mtu_fix";
 	ptr.value  = z->mtu_fix ? "1" : "0";
 	uci_set(ctx, &ptr);
author	Jo-Philipp Wich <jo@mein.io>	2016-11-29 12:27:42 +0100
committer	Jo-Philipp Wich <jo@mein.io>	2016-11-29 12:27:42 +0100
commit	13698aafb52c45817ee7815da3405e620657c8d0 (patch)
tree	2773965e8ecf70d33b3fa4987404dac71c853bf0 /utils.c
parent	0367860636aa55e9ee064709ec2814906e1f246b (diff)
download	firewall3-13698aafb52c45817ee7815da3405e620657c8d0.tar.gz