From 1492374dffb01f3ab748b1eeb989cfbe7e11ba96 Mon Sep 17 00:00:00 2001
From: Stig Thormodsrud <stig@vyatta.com>
Date: Sat, 12 Jun 2010 15:47:11 -0700
Subject: Dont tear down conntrack if the other table is using it.

---
 scripts/firewall/vyatta-firewall.pl | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'scripts/firewall')

diff --git a/scripts/firewall/vyatta-firewall.pl b/scripts/firewall/vyatta-firewall.pl
index eb115a6..c4d46bf 100755
--- a/scripts/firewall/vyatta-firewall.pl
+++ b/scripts/firewall/vyatta-firewall.pl
@@ -180,7 +180,9 @@ if (defined $teardown) {
   teardown_iptables($table, $iptables_cmd);
 
   # remove the conntrack setup.
-  ipt_disable_conntrack($iptables_cmd, 'FW_CONNTRACK');
+  if (! is_tree_in_use($other_tree{$teardown})) {
+    ipt_disable_conntrack($iptables_cmd, 'FW_CONNTRACK');
+  }
 
   exit 0;
 }
-- 
cgit v1.2.3