From: Dietmar Maurer <dietmar@proxmox.com>
Date: Wed, 19 Mar 2014 08:11:17 +0000 (+0100)
Subject: remove optimization which accepts unrelated traffic
X-Git-Url: https://git.proxmox.com/?p=pve-firewall.git;a=commitdiff_plain;h=b797eca2f0654cba0832da62c1a6233e0f4414a4

remove optimization which accepts unrelated traffic

Removing this alsmo make ips filter easier.
---

diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index 4406824..ba4559d 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -1827,9 +1827,6 @@ sub compile {
 	}
     }
 
-    # fixme: this is an optimization? if so, we should also drop INVALID packages?
-    ruleset_insertrule($ruleset, "PVEFW-FORWARD", "-m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT");
-
     # fixme: what log level should we use here?
     my $loglevel = get_option_log_level($hostfw_options, "log_level_out");