From e830037a9cc7ea9148d2cc50aabcf2d74fbacb3d Mon Sep 17 00:00:00 2001
From: Bob Mottram
Date: Wed, 8 Jun 2016 10:44:29 +0100
Subject: [PATCH 1/2] Don't accept RELATED packets

---
 src/freedombone | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/freedombone b/src/freedombone
index 8f147b1e..9af8e346 100755
--- a/src/freedombone
+++ b/src/freedombone
@@ -4109,7 +4109,7 @@ function configure_firewall {
     iptables -P INPUT DROP
     ip6tables -P INPUT DROP
     iptables -A INPUT -i lo -j ACCEPT
-    iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+    iptables -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
 
     # Make sure incoming tcp connections are SYN packets
     iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP

From c565f37033e7562f6386742ae2b93488bbb039f1 Mon Sep 17 00:00:00 2001
From: Bob Mottram
Date: Wed, 8 Jun 2016 12:28:32 +0100
Subject: [PATCH 2/2] Recreate firewall to remove RELATED

---
 src/freedombone | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/freedombone b/src/freedombone
index 9af8e346..0da43fe4 100755
--- a/src/freedombone
+++ b/src/freedombone
@@ -4091,6 +4091,10 @@ function time_synchronisation {
 }
 
 function configure_firewall {
+    if grep -q "RELATED" /etc/firewall.conf; then
+        # recreate the firewall to remove RELATED
+        sed -i "/firewall/d" $COMPLETION_FILE
+    fi
     if grep -Fxq "configure_firewall" $COMPLETION_FILE; then
         return
     fi
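Review bot: Removing RELATED from the conntrack ACCEPT rule also drops ICMP error messages that belong to existing flows (destination-unreachable, fragmentation-needed), so path-MTU discovery and reset feedback for outbound connections stop working unless an explicit ICMP accept rule exists elsewhere in configure_firewall, which this hunk does not show. If refusing helper-driven connections and ICMP errors is the intent, say so on the changed line, e.g. `# RELATED deliberately omitted: no conntrack helpers are relied on; ICMP errors need their own rule`. The changed line uses `-m conntrack --ctstate` while the SYN check two lines below uses `-m state --state`, which is the older alias of the same match; the two should agree for consistency. ip6tables gets `-P INPUT DROP` in the same hunk but no ESTABLISHED rule is visible for it here, so whether IPv6 replies are accepted at all cannot be checked from this hunk. configure_firewall starts and ends outside the hunk.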
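Review bot: The new migration's `sed -i "/firewall/d" $COMPLETION_FILE` deletes every completion-file line containing the substring "firewall", whereas the guard two lines below checks for the exact line `configure_firewall` with `grep -Fxq`; anchoring the pattern to the same token, `sed -i "/^configure_firewall$/d" "$COMPLETION_FILE"`, avoids re-running any other completion step whose name happens to contain "firewall" and quotes the path. The `grep -q "RELATED" /etc/firewall.conf` test will print an error if /etc/firewall.conf is absent (for instance on a first run); grep then exits 2, which the `if` treats as false, so the effect is noise rather than a wrong branch, and `[[ -f /etc/firewall.conf ]] &&` or `2>/dev/null` on the grep keeps the log clean. Where /etc/firewall.conf is written is outside the hunk, so whether "RELATED" can appear there for reasons other than the conntrack rule cannot be checked here.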