firewall3: drop support for automatic NOTRACK rules

Update to current HEAD in order to drop automatic generation of per-zone
NOTRACK rules.

The NOTRACK rules used to provide a little performance improvement but the
later introduction of the netfilter conntrack cache made those rules largely
unnecessary. Additionally, those rules caused various issues which broke
stateful firewalling in some scenarios.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This commit is contained in:
Jo-Philipp Wich 2016-12-14 00:44:22 +01:00
parent a6781ef4c1
commit 2daab45cae

View file

@ -9,15 +9,15 @@
include $(TOPDIR)/rules.mk include $(TOPDIR)/rules.mk
PKG_NAME:=firewall PKG_NAME:=firewall
PKG_VERSION:=2016-11-07 PKG_VERSION:=2016-11-29
PKG_RELEASE:=$(PKG_SOURCE_VERSION) PKG_RELEASE:=$(PKG_SOURCE_VERSION)
PKG_SOURCE_PROTO:=git PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL=$(LEDE_GIT)/project/firewall3.git PKG_SOURCE_URL=$(LEDE_GIT)/project/firewall3.git
PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION) PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
PKG_SOURCE_VERSION:=0367860636aa55e9ee064709ec2814906e1f246b PKG_SOURCE_VERSION:=13698aafb52c45817ee7815da3405e620657c8d0
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.xz PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.xz
PKG_MIRROR_MD5SUM:=1a087c92c73c3736dd19445d2f470abc2c1eb623956ddd55284c2e6a733198ce PKG_MIRROR_MD5SUM:=fd5468488e67b2a67a95228cb2e2efe66a44426748d294ecd9c7806c6bbe0978
PKG_MAINTAINER:=Jo-Philipp Wich <jo@mein.io> PKG_MAINTAINER:=Jo-Philipp Wich <jo@mein.io>
PKG_LICENSE:=ISC PKG_LICENSE:=ISC