From b797eca2f0654cba0832da62c1a6233e0f4414a4 Mon Sep 17 00:00:00 2001
From: Dietmar Maurer <dietmar@proxmox.com>
Date: Wed, 19 Mar 2014 09:11:17 +0100
Subject: [PATCH] remove optimization which accepts unrelated traffic

Removing this alsmo make ips filter easier.
---
 src/PVE/Firewall.pm | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index 4406824..ba4559d 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -1827,9 +1827,6 @@ sub compile {
 	}
     }
 
-    # fixme: this is an optimization? if so, we should also drop INVALID packages?
-    ruleset_insertrule($ruleset, "PVEFW-FORWARD", "-m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT");
-
     # fixme: what log level should we use here?
     my $loglevel = get_option_log_level($hostfw_options, "log_level_out");
 
-- 
2.39.2