Diffstat (limited to 'data/templates/firewall/nftables.j2')
-rw-r--r-- | data/templates/firewall/nftables.j2 | 22 |
1 files changed, 5 insertions, 17 deletions
diff --git a/data/templates/firewall/nftables.j2 b/data/templates/firewall/nftables.j2
index db010257d..1564b3ef8 100644
--- a/data/templates/firewall/nftables.j2
+++ b/data/templates/firewall/nftables.j2
@@ -4,17 +4,10 @@
 {% import 'firewall/nftables-bridge.j2' as bridge_tmpl %}
 {% import 'firewall/nftables-offload.j2' as offload %}
-flush chain raw FW_CONNTRACK
-flush chain ip6 raw FW_CONNTRACK
-
 flush chain raw vyos_global_rpfilter
 flush chain ip6 raw vyos_global_rpfilter
 table raw {
- chain FW_CONNTRACK {
- {{ ipv4_conntrack_action }}
- }
-
 chain vyos_global_rpfilter {
 {% if global_options.source_validation is vyos_defined('loose') %}
 fib saddr oif 0 counter drop
@@ -26,10 +19,6 @@ table raw {
 }
 table ip6 raw {
- chain FW_CONNTRACK {
- {{ ipv6_conntrack_action }}
- }
-
 chain vyos_global_rpfilter {
 {% if global_options.ipv6_source_validation is vyos_defined('loose') %}
 fib saddr oif 0 counter drop
@@ -273,23 +262,22 @@ table bridge vyos_filter {
 }
 {% endif %}
-table inet vyos_offload
+{% if first_install is not vyos_defined %}
 delete table inet vyos_offload
+{% endif %}
 table inet vyos_offload {
-{% if flowtable_enabled %}
-{% if global_options.flow_offload.hardware.interface is vyos_defined %}
+{% if global_options.flow_offload.hardware.interface is vyos_defined %}
 {{- offload.render_flowtable('VYOS_FLOWTABLE_hardware', global_options.flow_offload.hardware.interface | list, priority='filter - 2', hardware_offload=true) }}
 chain VYOS_OFFLOAD_hardware {
 type filter hook forward priority filter - 2; policy accept;
 ct state { established, related } meta l4proto { tcp, udp } flow add @VYOS_FLOWTABLE_hardware
 }
-{% endif %}
-{% if global_options.flow_offload.software.interface is vyos_defined %}
+{% endif %}
+{% if global_options.flow_offload.software.interface is vyos_defined %}
 {{- offload.render_flowtable('VYOS_FLOWTABLE_software', global_options.flow_offload.software.interface | list, priority='filter - 1') }}
 chain VYOS_OFFLOAD_software {
 type filter hook forward priority filter - 1; policy accept;
 ct state { established, related } meta l4proto { tcp, udp } flow add @VYOS_FLOWTABLE_software
 }
-{% endif %}
 {% endif %}
 } |
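Review bot: Guarding `delete table inet vyos_offload` only with `first_install` makes every other case where the table is absent a fatal load: nft -f applies the file as one transaction, so if the table was flushed out of band or a caller renders this template without setting `first_install`, the `delete` fails and none of the firewall ruleset is installed. The removed `table inet vyos_offload` declaration was what made the delete idempotent (declaring an existing table is a no-op), so I would keep `table inet vyos_offload` immediately before the `delete` unconditionally instead of tying correctness to a flag the template cannot verify — or use `destroy table inet vyos_offload` if the target nft and kernel are known to support it. Separately, dropping the outer `{% if flowtable_enabled %}` means the offload chains are now emitted purely from the interface lists; if that variable is still produced by the Python side, remove it there too so the two cannot drift. The enclosing `table bridge vyos_filter` block starts before this hunk.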