-rw-r--r--forwards.c28
-rw-r--r--options.h1
-rw-r--r--redirects.c2
-rw-r--r--snats.c3
-rw-r--r--utils.c5
-rw-r--r--zones.c15
6 files changed, 6 insertions, 48 deletions
diff --git a/forwards.c b/forwards.c
index c610247..997c307 100644
--- a/forwards.c
+++ b/forwards.c
@@ -38,7 +38,6 @@ fw3_load_forwards(struct fw3_state *state, struct uci_package *p)
struct uci_section *s;
struct uci_element *e;
struct fw3_forward *forward;
- bool changed;
INIT_LIST_HEAD(&state->forwards);
@@ -88,30 +87,15 @@ fw3_load_forwards(struct fw3_state *state, struct uci_package *p)
continue;
}
- /* Propagate conntrack requirement flag into all zones connected through
- forwarding entries and repeat until all zones are normalized */
- do {
- changed = false;
-
- list_for_each_entry(forward, &state->forwards, list)
+ list_for_each_entry(forward, &state->forwards, list)
+ {
+ /* NB: forward family... */
+ if (forward->_dest)
{
- /* NB: forward family... */
- if (forward->_dest)
- {
- fw3_setbit(forward->_dest->flags[0], FW3_FLAG_ACCEPT);
- fw3_setbit(forward->_dest->flags[1], FW3_FLAG_ACCEPT);
-
- if (forward->_src &&
- (forward->_src->conntrack != forward->_dest->conntrack))
- {
- forward->_src->conntrack = true;
- forward->_dest->conntrack = true;
- changed = true;
- }
- }
+ fw3_setbit(forward->_dest->flags[0], FW3_FLAG_ACCEPT);
+ fw3_setbit(forward->_dest->flags[1], FW3_FLAG_ACCEPT);
}
}
- while (changed);
}
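Review bot: The loop left at the end of fw3_load_forwards no longer has a comment explaining its purpose, and the one that survives, `/* NB: forward family... */`, trails off without naming the caveat. The loop now only sets FW3_FLAG_ACCEPT in `flags[0]` and `flags[1]` of each forward's destination zone, so a replacement such as `/* every zone that is the destination of a forward needs its ACCEPT target in both flag sets, regardless of the forward's own family */` would say so directly. Reading the two indexes as the two address families is inferred from the indexing and should be confirmed against the flag layout. The function body starts outside this hunk.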
diff --git a/options.h b/options.h
index 307c5af..089242f 100644
--- a/options.h
+++ b/options.h
@@ -307,7 +307,6 @@ struct fw3_zone
struct list_head masq_src;
struct list_head masq_dest;
- bool conntrack;
bool mtu_fix;
bool log;
diff --git a/redirects.c b/redirects.c
index be1bfcb..a657b6d 100644
--- a/redirects.c
+++ b/redirects.c
@@ -278,7 +278,6 @@ fw3_load_redirects(struct fw3_state *state, struct uci_package *p)
else
{
set(redir->_src->flags, FW3_FAMILY_V4, redir->target);
- redir->_src->conntrack = true;
valid = true;
if (!check_local(e, redir, state) && !redir->dest.set &&
@@ -309,7 +308,6 @@ fw3_load_redirects(struct fw3_state *state, struct uci_package *p)
else
{
set(redir->_dest->flags, FW3_FAMILY_V4, redir->target);
- redir->_dest->conntrack = true;
valid = true;
}
}
diff --git a/snats.c b/snats.c
index f43daf2..fad6008 100644
--- a/snats.c
+++ b/snats.c
@@ -252,10 +252,7 @@ fw3_load_snats(struct fw3_state *state, struct uci_package *p, struct blob_attr
}
if (snat->_src)
- {
set(snat->_src->flags, FW3_FAMILY_V4, FW3_FLAG_SNAT);
- snat->_src->conntrack = true;
- }
}
}
diff --git a/utils.c b/utils.c
index aca98d5..537c629 100644
--- a/utils.c
+++ b/utils.c
@@ -463,11 +463,6 @@ write_zone_uci(struct uci_context *ctx, struct fw3_zone *z,
uci_set(ctx, &ptr);
ptr.o = NULL;
- ptr.option = "conntrack";
- ptr.value = z->conntrack ? "1" : "0";
- uci_set(ctx, &ptr);
-
- ptr.o = NULL;
ptr.option = "mtu_fix";
ptr.value = z->mtu_fix ? "1" : "0";
uci_set(ctx, &ptr);
diff --git a/zones.c b/zones.c
index a95e363..8b4bbcd 100644
--- a/zones.c
+++ b/zones.c
@@ -73,7 +73,6 @@ const struct fw3_option fw3_zone_opts[] = {
FW3_OPT("extra_src", string, zone, extra_src),
FW3_OPT("extra_dest", string, zone, extra_dest),
- FW3_OPT("conntrack", bool, zone, conntrack),
FW3_OPT("mtu_fix", bool, zone, mtu_fix),
FW3_OPT("custom_chains", bool, zone, custom_chains),
@@ -217,7 +216,6 @@ fw3_load_zones(struct fw3_state *state, struct uci_package *p)
if (zone->masq)
{
fw3_setbit(zone->flags[0], FW3_FLAG_SNAT);
- zone->conntrack = true;
}
if (zone->custom_chains)
@@ -268,9 +266,6 @@ print_zone_chain(struct fw3_ipt_handle *handle, struct fw3_state *state,
if (zone->custom_chains)
set(zone->flags, handle->family, FW3_FLAG_CUSTOM_CHAINS);
- if (!zone->conntrack && !state->defaults.drop_invalid)
- set(zone->flags, handle->family, FW3_FLAG_NOTRACK);
-
for (c = zone_chains; c->format; c++)
{
/* don't touch user chains on selective stop */
@@ -488,7 +483,6 @@ static void
print_zone_rule(struct fw3_ipt_handle *handle, struct fw3_state *state,
bool reload, struct fw3_zone *zone)
{
- bool disable_notrack = state->defaults.drop_invalid;
bool first_src, first_dest;
struct fw3_address *msrc;
struct fw3_address *mdest;
@@ -620,15 +614,6 @@ print_zone_rule(struct fw3_ipt_handle *handle, struct fw3_state *state,
break;
case FW3_TABLE_RAW:
- if (!zone->conntrack && !disable_notrack)
- {
- r = fw3_ipt_rule_new(handle);
- fw3_ipt_rule_target(r, "CT");
- fw3_ipt_rule_addarg(r, false, "--notrack", NULL);
- fw3_ipt_rule_append(r, "zone_%s_notrack", zone->name);
- }
- break;
-
case FW3_TABLE_MANGLE:
break;
}