]> git.ipfire.org Git - people/teissler/ipfire-2.x.git/blobdiff - config/forwardfw/rules.pl
projects / people / teissler / ipfire-2.x.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
iptables: Replace state module by conntrack module.
[people/teissler/ipfire-2.x.git] / config / forwardfw / rules.pl
diff --git a/config/forwardfw/rules.pl b/config/forwardfw/rules.pl
index d62cca0d77dcb6f47a1d32206f3b5f0b54886a12..6a91ddf5725c094da1da3dbb89f75eb476166ba5 100755 (executable)
--- a/config/forwardfw/rules.pl
+++ b/config/forwardfw/rules.pl
@@ -115,7 +115,7 @@ if($param eq 'flush'){
                        system ("/usr/sbin/firewall-policy"); 
                }elsif($fwdfwsettings{'POLICY'} eq 'MODE2'){
                        &p2pblock;
-                       system ("iptables -A $CHAIN -m state --state NEW -j ACCEPT");
+                       system ("iptables -A $CHAIN -m conntrack --ctstate NEW -j ACCEPT");
                        system ("/usr/sbin/firewall-policy");
                        system ("/etc/sysconfig/firewall.local reload");
                }
@@ -140,9 +140,6 @@ sub preparerules
        if (! -z  "${General::swroot}/forward/outgoing"){
                &buildrules(\%configoutgoingfw);
        }
-       if (! -z  "${General::swroot}/forward/nat"){
-               &buildrules(\%confignatfw);
-       }
 }
 sub buildrules
 {
Timo's tree of IPFire 2.x