Page MenuHomeVyOS Platform
Create Task
Maniphest T5080

Conntrack enabled by default
Open, HighPublicBUG
Actions

Description

Reported on the forum: https://forum.vyos.io/t/conntrack-is-enabled-by-default-on-1-4-rr/10586

Possibly missed during my firewall refactor, vyatta made use of FW_CONNTRACK and NAT_CONNTRACK chains to enable/disable conntrack depending if rules are found to match on state in firewall/nat modules.

Details

Difficulty level
Unknown (require assessment)
Version
1.4-
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Bug (incorrect behavior)

Related Objects

Event Timeline

sdev claimed this task.Sat, Mar 11, 3:39 PM
sdev triaged this task as High priority.
sdev created this task.
pasik added a subscriber: pasik.Sat, Mar 11, 4:50 PM
stepler added a subscriber: stepler.Sun, Mar 12, 3:16 PM

I don't think this ever worked as intended: see T3275#103228, vyos-build PR 185, and T3821.