From dde1f0a779c9b4e9b3bac22d66a18315e397cdc6 Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Sat, 25 May 2013 16:31:27 -0700
Subject: [PATCH] Only enable helpers during a 'clear' operation.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
---
 Shorewall/Perl/Shorewall/Misc.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Shorewall/Perl/Shorewall/Misc.pm b/Shorewall/Perl/Shorewall/Misc.pm
index 42b8c57af..d5e6f458d 100644
--- a/Shorewall/Perl/Shorewall/Misc.pm
+++ b/Shorewall/Perl/Shorewall/Misc.pm
@@ -2444,7 +2444,7 @@ EOF
     #
     # Enable automatic helper association on kernel 3.5.0 and later
     #
-    if [ -f /proc/sys/net/netfilter/nf_conntrack_helper ]; then
+    if [ $COMMAND = clear -a -f /proc/sys/net/netfilter/nf_conntrack_helper ]; then
         echo 1 > /proc/sys/net/netfilter/nf_conntrack_helper
     fi