From 2f1d59366caccbb270496245a25a9879f88e8bb5 Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Sun, 12 Aug 2012 08:43:28 -0700
Subject: [PATCH] Unconditionally disable kernel automatic helper association
 during start.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
---
 Shorewall/Perl/Shorewall/Compiler.pm | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/Shorewall/Perl/Shorewall/Compiler.pm b/Shorewall/Perl/Shorewall/Compiler.pm
index 7e221b48c..16005639c 100644
--- a/Shorewall/Perl/Shorewall/Compiler.pm
+++ b/Shorewall/Perl/Shorewall/Compiler.pm
@@ -705,12 +705,10 @@ sub compiler {
     #
     setup_proxy_arp;
 
-    my $setting = supplied $config{HELPERS} ? 0 : 1;
-
-    emit( "#\n# Set automatic helper association on kernel 3.5.0 and later\n#" ,
+    emit( "#\n# Disable automatic helper association on kernel 3.5.0 and later\n#" ,
 	  'if [ -f /proc/sys/net/netfilter/nf_conntrack_helper ]; then' ,
-	  '    progress_message "Setting up Automatic Helper Association"',
-	  "    echo $setting > /proc/sys/net/netfilter/nf_conntrack_helper",
+	  '    progress_message "Disabling Kernel Automatic Helper Association"',
+	  "    echo 0 > /proc/sys/net/netfilter/nf_conntrack_helper",
 	  'fi',
 	  ''
 	);