Add "NOTRACK" action to firewall rules #1617

@cotosso

Description
Add a new firewall rule action called "NOTRACK" alongside the existing actions (ACCEPT, REJECT, DROP).
This is needed to support use cases where connection tracking (conntrack) must be bypassed, improving performance and enabling proper handling of specific traffic types (e.g. high-throughput flows, stateless protocols, or asymmetric routing scenarios).
The purpose is to expose, at UI level, a feature already supported by the underlying netfilter/nftables layer.

Proposed solution
Introduce a new selectable action NOTRACK in firewall rules.
When selected, the rule should apply the equivalent of a notrack (raw table) behavior, ensuring packets matching the rule are excluded from connection tracking.
The target option in firewall config must be NOTRACK.

The option should be available in the same place where ACCEPT/REJECT/DROP are currently defined, maintaining UI consistency.

Additional context
This functionality is already supported at lower levels (netfilter/nftables), but it is currently not exposed in the NethSecurity UI. Making it available improves flexibility for advanced networking scenarios without requiring manual configuration.
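As an added illustration (not NethSecurity's or fw4's own code), the following sketches what distinguishes a UCI rule with `option target 'NOTRACK'` from ACCEPT/REJECT/DROP: it has to be emitted on the raw prerouting hook as an nftables `notrack` statement, and a check flags NOTRACK rules that have no explicit ACCEPT for the same flow, because untracked packets never match `ct state established`. The sample config, the chain names and the zone-to-interface mapping are simplified assumptions.

```python
import re

# Constructed sample in the UCI form the issue refers to (not a real config).
UCI_SAMPLE = """
config rule
	option name 'Allow-SSH'
	option src 'wan'
	option proto 'tcp'
	option dest_port '22'
	option target 'ACCEPT'

config rule
	option name 'Bypass-conntrack-IPTV'
	option src 'wan'
	option proto 'udp'
	option dest_port '5000-5100'
	option target 'NOTRACK'
"""

FILTER_TARGETS = {"ACCEPT": "accept", "DROP": "drop", "REJECT": "reject"}

def parse_uci_rules(text):
    """Return one dict per 'config rule' section of a UCI firewall file."""
    rules, cur = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("config rule"):
            cur = {}
            rules.append(cur)
        elif cur is not None:
            m = re.match(r"option\s+(\w+)\s+'([^']*)'", line)
            if m:
                cur[m.group(1)] = m.group(2)
    return rules

def to_nft(rule):
    """Return (chain, rule_text). NOTRACK must sit on the raw hook, which runs
    before conntrack; the other targets go to the ordinary filter chain.
    Zone-to-interface resolution is simplified to iifname (assumption)."""
    match = [f'iifname "{rule["src"]}"']
    if "proto" in rule and "dest_port" in rule:
        match.append(f"{rule['proto']} dport {rule['dest_port']}")
    if rule["target"] == "NOTRACK":
        return "raw_prerouting", " ".join(match + ["notrack"])
    return "input", " ".join(match + [FILTER_TARGETS[rule["target"]]])

def notrack_without_accept(rules):
    """Names of NOTRACK rules with no ACCEPT rule for the same flow.
    Untracked packets never match 'ct state established,related', so the
    usual stateful accept does not let them (or their replies) through."""
    accepts = {(r["src"], r.get("proto"), r.get("dest_port"))
               for r in rules if r["target"] == "ACCEPT"}
    return [r["name"] for r in rules if r["target"] == "NOTRACK"
            and (r["src"], r.get("proto"), r.get("dest_port")) not in accepts]
```

Also note that packets bypassing conntrack are not subject to NAT, so a NOTRACK rule is only appropriate for traffic that needs neither stateful filtering nor address translation.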

Labels: verified (All test cases were verified successfully)

Status: Verified
