package/network/config/firewall/Makefile · 2daab45cae3cfc09bae96f4326a3963a7504e86d · Johannes Rudolph / lede-mikrotik

8 years ago

firewall3: drop support for automatic NOTRACK rules · 2daab45c

Jo-Philipp Wich authored 8 years ago


Update to current HEAD in order to drop automatic generation of per-zone
NOTRACK rules.

The NOTRACK rules used to provide a little performance improvement but the
later introduction of the netfilter conntrack cache made those rules largely
unnecessary. Additionally, those rules caused various issues which broke
stateful firewalling in some scenarios.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

2daab45c

History

firewall3: drop support for automatic NOTRACK rules

Jo-Philipp Wich authored 8 years ago


Update to current HEAD in order to drop automatic generation of per-zone
NOTRACK rules.

The NOTRACK rules used to provide a little performance improvement but the
later introduction of the netfilter conntrack cache made those rules largely
unnecessary. Additionally, those rules caused various issues which broke
stateful firewalling in some scenarios.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

Makefile 1.88 KiB