remove optimization which accepts unrelated traffic

author Dietmar Maurer <dietmar@proxmox.com>

Wed, 19 Mar 2014 08:11:17 +0000 (09:11 +0100)

committer Dietmar Maurer <dietmar@proxmox.com>

Wed, 19 Mar 2014 08:11:17 +0000 (09:11 +0100)
author Dietmar Maurer <dietmar@proxmox.com>
Wed, 19 Mar 2014 08:11:17 +0000 (09:11 +0100)
committer Dietmar Maurer <dietmar@proxmox.com>
Wed, 19 Mar 2014 08:11:17 +0000 (09:11 +0100)
diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm

index 44068249992b7a78b9b6acbb31ce3d1a0ea575f9..ba4559d895e5a65a5e5ca72562030122951c683a 100644 (file)
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -1827,9 +1827,6 @@ sub compile {
         }
      }
  
-    # fixme: this is an optimization? if so, we should also drop INVALID packages?
-    ruleset_insertrule($ruleset, "PVEFW-FORWARD", "-m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT");
-
      # fixme: what log level should we use here?
      my $loglevel = get_option_log_level($hostfw_options, "log_level_out");
author	Dietmar Maurer <dietmar@proxmox.com>
	Wed, 19 Mar 2014 08:11:17 +0000 (09:11 +0100)
committer	Dietmar Maurer <dietmar@proxmox.com>
	Wed, 19 Mar 2014 08:11:17 +0000 (09:11 +0100)