Disabling netfilter/connection tracking

    I need to know if there is a way to disable netfilter/connection tracking in Tomato firmware?

    Some of you are probably going to say "you need it for X and X feature, you need it for NAT, you need it for your firewall!"

    Well, I don't need any of these features, and I have it in router mode.

    I have it in front of another router that does all that and I have an overflowing amount of connections that netfilter/ip_conntrack is tracking for no good reason.

    Thanks for any help!
    Bump. No ideas? Can it be done even if I had to compile my own version?
    Tomato has the iptables modules compiled into the kernel, so it cannot be turned off AFAIK.

    You could do
    iptables -P FORWARD ACCEPT
    iptables -P INPUT ACCEPT
    iptables -P OUTPUT ACCEPT
    iptables -F FORWARD
    iptables -F INPUT
    iptables -F OUTPUT

    if you already have all other iptables stuff turned off in the GUI.

    This does not stop /proc/net/ip_conntrack, but effectively disables any iptables chains. Maybe that'll help.

    If you compile your own version, you could pretty much do whatever you can figure out, among which may be the iptables driver as a module, which will give you the option of using/not using it.

    Edit: As an alternative, you could make the TCP and UDP timeouts very small, which should make fewer conntrack entries.
    Hmm, double-router?

    Why don'cha just operate the Tomato as a switch? Everything in 1 VLAN, no WAN ports, no conntrack, etc. That way the 1st router will handle everything.
    Judging by some of the OP's threads elsewhere, I would guess he is using Tomato for MLPPPoE.
    I hadn't thought about it till you said that, but that's exactly what I'm doing, put all the ethernet ports in my "extension" router in the LAN since I need the extra LAN port and not the WAN.
    Hmm, that's strange, because I don't remember Tomato tracking my internal LAN connections.

    Well, anyway, regarding your question, it's not possible to turn off netfilter in the firmware itself unless you do compile your own version (=
    Looks like when all ports on my "extension" router are configured to be on the LAN, Tomato only tracks connections to that router and not those passing through to the primary WAN router.
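
To check on your own router what the table actually holds (entries addressed to the router itself versus traffic passing through it), the following added example, which is not from any poster in this thread, summarises a dump in the usual `/proc/net/ip_conntrack` line layout. The router address 192.168.1.2 and the sample lines are constructed assumptions.

```shell
#!/bin/sh
# Summarise conntrack entries read from stdin by protocol, TCP state, and
# whether the original destination is the router itself or a forwarded flow.
# On the router (address is an assumption, substitute your own):
#   conntrack_summary 192.168.1.2 < /proc/net/ip_conntrack
conntrack_summary() {
    awk -v router="$1" '
    {
        proto = $1
        # Only TCP entries carry a state name (field 4).
        state = (proto == "tcp") ? $4 : "-"
        dst = ""
        # The first dst= token belongs to the original direction.
        for (i = 1; i <= NF; i++)
            if ($i ~ /^dst=/) { dst = substr($i, 5); break }
        scope = (dst == router) ? "to-router" : "forwarded"
        count[proto " " state " " scope]++
        total++
    }
    END {
        for (k in count) print count[k], k
        print total + 0, "total"
    }' | sort -rn   # largest groups first
}

# Constructed sample table (not captured from a real device).
sample_conntrack() {
    cat <<'EOF'
tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=192.168.1.2 sport=50312 dport=80 src=192.168.1.2 dst=192.168.1.10 sport=80 dport=50312 [ASSURED] use=1
tcp      6 117 TIME_WAIT src=192.168.1.10 dst=203.0.113.5 sport=50320 dport=443 src=203.0.113.5 dst=192.168.1.10 sport=443 dport=50320 [ASSURED] use=1
udp      17 25 src=192.168.1.11 dst=198.51.100.7 sport=5353 dport=53 [UNREPLIED] src=198.51.100.7 dst=192.168.1.11 sport=53 dport=5353 use=1
udp      17 170 src=192.168.1.11 dst=192.168.1.2 sport=40000 dport=53 src=192.168.1.2 dst=192.168.1.11 sport=53 dport=40000 [ASSURED] use=1
tcp      6 431990 ESTABLISHED src=192.168.1.12 dst=192.168.1.2 sport=50400 dport=22 src=192.168.1.2 dst=192.168.1.12 sport=22 dport=50400 [ASSURED] use=1
EOF
}

sample_conntrack | conntrack_summary 192.168.1.2
```

A table dominated by `forwarded` rows means the box is still tracking transit traffic; one with only `to-router` rows matches the all-ports-on-LAN behaviour described in the last post.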
