- fw3_pr("-A notrack");
- fw3_format_in_out(dev, NULL);
- fw3_format_src_dest(sub, NULL);
- fw3_format_extra(zone->extra_src);
- fw3_format_comment(zone->name, " (notrack)");
- fw3_pr(" -j CT --notrack\n", zone->name);
+ r = fw3_ipt_rule_create(handle, NULL, dev, NULL, sub, NULL);
+ fw3_ipt_rule_comment(r, "%s CT helper assignment", zone->name);
+ fw3_ipt_rule_target(r, "zone_%s_helper", zone->name);
+ fw3_ipt_rule_extra(r, zone->extra_src);
+ fw3_ipt_rule_replace(r, "PREROUTING");
+ }
+
+ if (has(zone->flags, handle->family, FW3_FLAG_NOTRACK))
+ {
+ r = fw3_ipt_rule_create(handle, NULL, dev, NULL, sub, NULL);
+ fw3_ipt_rule_comment(r, "%s CT bypass", zone->name);
+ fw3_ipt_rule_target(r, "zone_%s_notrack", zone->name);
+ fw3_ipt_rule_extra(r, zone->extra_src);
+ fw3_ipt_rule_replace(r, "PREROUTING");