-rw-r--r--src/filter.c9
-rw-r--r--src/netlink.c12
2 files changed, 3 insertions, 18 deletions
diff --git a/src/filter.c b/src/filter.c
index eaf0a93..33fe30e 100644
--- a/src/filter.c
+++ b/src/filter.c
@@ -167,10 +167,9 @@ __ct_filter_test_ipv4(struct ct_filter *f, struct nf_conntrack *ct)
if (!f->h)
return 0;
+ /* we only use the real source and destination address */
return (hashtable_test(f->h, nfct_get_attr(ct, ATTR_ORIG_IPV4_SRC)) ||
- hashtable_test(f->h, nfct_get_attr(ct, ATTR_ORIG_IPV4_DST)) ||
- hashtable_test(f->h, nfct_get_attr(ct, ATTR_REPL_IPV4_SRC)) ||
- hashtable_test(f->h, nfct_get_attr(ct, ATTR_REPL_IPV4_DST)));
+ hashtable_test(f->h, nfct_get_attr(ct, ATTR_REPL_IPV4_SRC)));
}
static int
@@ -180,9 +179,7 @@ __ct_filter_test_ipv6(struct ct_filter *f, struct nf_conntrack *ct)
return 0;
return (hashtable_test(f->h6, nfct_get_attr(ct, ATTR_ORIG_IPV6_SRC)) ||
- hashtable_test(f->h6, nfct_get_attr(ct, ATTR_ORIG_IPV6_DST)) ||
- hashtable_test(f->h6, nfct_get_attr(ct, ATTR_REPL_IPV6_SRC)) ||
- hashtable_test(f->h6, nfct_get_attr(ct, ATTR_REPL_IPV6_DST)));
+ hashtable_test(f->h6, nfct_get_attr(ct, ATTR_REPL_IPV6_SRC)));
}
static int __ct_filter_test_state(struct ct_filter *f, struct nf_conntrack *ct)
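Review bot: The explanatory comment is added only in __ct_filter_test_ipv4 (first hunk); the second hunk makes the identical reduction in __ct_filter_test_ipv6, dropping the ATTR_ORIG_IPV6_DST and ATTR_REPL_IPV6_DST lookups, with no comment, so a reader of the IPv6 path has no hint why two of the four tuple addresses are no longer consulted. I'd place the same line above the `return` in __ct_filter_test_ipv6. I'd also make the comment name the attributes, since "real source and destination" is easy to misread, e.g. `/* ORIG_SRC is the real source and REPL_SRC the real destination; the other two tuple addresses may be NAT-rewritten and are deliberately not matched */` — the NAT reading is my inference from conntrack tuple semantics, so confirm it is the intended rationale. Both functions start above their hunks, so the early `if (!f->h)` / `if (!f->h6)` guards are only partly visible here.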
diff --git a/src/netlink.c b/src/netlink.c
index 8b02ac5..a4b94dd 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -66,18 +66,6 @@ int ignore_conntrack(struct nf_conntrack *ct)
if (!sanity_check(ct))
return 1;
- /* Accept DNAT'ed traffic: not really coming to the local machine */
- if (nfct_getobjopt(ct, NFCT_GOPT_IS_DNAT)) {
- debug_ct(ct, "DNAT");
- return 0;
- }
-
- /* Accept SNAT'ed traffic: not really coming to the local machine */
- if (nfct_getobjopt(ct, NFCT_GOPT_IS_SNAT)) {
- debug_ct(ct, "SNAT");
- return 0;
- }
-
/* Ignore traffic */
if (!ct_filter_check(STATE(us_filter), ct)) {
debug_ct(ct, "ignore traffic");