firewall3: drop support for automatic NOTRACK rules

Update to current HEAD in order to drop automatic generation of per-zone
NOTRACK rules.

The NOTRACK rules used to provide a little performance improvement but the
later introduction of the netfilter conntrack cache made those rules largely
unnecessary. Additionally, those rules caused various issues which broke
stateful firewalling in some scenarios.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

diff --git a/package/network/config/firewall/Makefile b/package/network/config/firewall/Makefile
index 24b2e05569b245752e962fb201e93a4edffc4f2d..3d59c093710abcb72bf825731e0d25c65ea4c8ee 100644 (file)
--- a/package/network/config/firewall/Makefile
+++ b/package/network/config/firewall/Makefile
@@ -9,15 +9,15 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=firewall
-PKG_VERSION:=2016-11-07
+PKG_VERSION:=2016-11-29
 PKG_RELEASE:=$(PKG_SOURCE_VERSION)
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL=$(LEDE_GIT)/project/firewall3.git
 PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
-PKG_SOURCE_VERSION:=0367860636aa55e9ee064709ec2814906e1f246b
+PKG_SOURCE_VERSION:=13698aafb52c45817ee7815da3405e620657c8d0
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.xz
-PKG_MIRROR_MD5SUM:=1a087c92c73c3736dd19445d2f470abc2c1eb623956ddd55284c2e6a733198ce
+PKG_MIRROR_MD5SUM:=fd5468488e67b2a67a95228cb2e2efe66a44426748d294ecd9c7806c6bbe0978
 PKG_MAINTAINER:=Jo-Philipp Wich <jo@mein.io>
 PKG_LICENSE:=ISC