From 517ad9ff0d3413d793116fee7fa9722636a36a47 Mon Sep 17 00:00:00 2001
From: Felix Fietkau <nbd@openwrt.org>
Date: Thu, 7 Aug 2014 19:30:36 +0000
Subject: base-files: enable option to skip the netfilter "filter" table for
 established connection packets by default

Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 42048
---
 package/base-files/files/etc/sysctl.conf | 1 +
 1 file changed, 1 insertion(+)

diff --git a/package/base-files/files/etc/sysctl.conf b/package/base-files/files/etc/sysctl.conf
index 9e5714ef3e..eb7fe82111 100644
--- a/package/base-files/files/etc/sysctl.conf
+++ b/package/base-files/files/etc/sysctl.conf
@@ -21,6 +21,7 @@ net.netfilter.nf_conntrack_max=16384
 net.netfilter.nf_conntrack_tcp_timeout_established=7440
 net.netfilter.nf_conntrack_udp_timeout=60
 net.netfilter.nf_conntrack_udp_timeout_stream=180
+net.netfilter.nf_conntrack_skip_filter=1
 
 # disable bridge firewalling by default
 net.bridge.bridge-nf-call-arptables=0
-- 
cgit v1.2.3