From: Michael Tremer <michael.tremer@ipfire.org>
Date: Sun, 28 Apr 2013 11:26:27 +0000 (+0200)
Subject: Don't use connection tracking for loopback traffic.
X-Git-Tag: 007~142^2~11
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fe9bf26bcfef9c7721d70218693d843b7b9b4c5b;p=network.git

Don't use connection tracking for loopback traffic.
---

diff --git a/functions.firewall b/functions.firewall
index 3f0d5ff8..40cb9326 100644
--- a/functions.firewall
+++ b/functions.firewall
@@ -251,8 +251,8 @@ function firewall_localhost_create_chains() {
 	log DEBUG "Creating firewall chains for localhost..."
 
 	# Accept everything on lo
-	iptables "${protocol}" -A INPUT  -i lo -m conntrack --ctstate NEW -j ACCEPT
-	iptables "${protocol}" -A OUTPUT -o lo -m conntrack --ctstate NEW -j ACCEPT
+	iptables "${protocol}" -A INPUT  -i lo -j ACCEPT
+	iptables "${protocol}" -A OUTPUT -o lo -j ACCEPT
 }
 
 function firewall_zone_create_chains() {