--- zzzz-none-000/linux-2.4.17/net/core/netfilter.c 2001-04-27 21:15:01.000000000 +0000
+++ sangam-fb-322/linux-2.4.17/net/core/netfilter.c 2004-11-24 13:22:07.000000000 +0000
@@ -21,6 +21,9 @@
 #include
 #include
+#include
+#include
+
 #define __KERNEL_SYSCALLS__
 #include
@@ -43,6 +46,8 @@
 struct list_head nf_hooks[NPROTO][NF_MAX_HOOKS];
 static LIST_HEAD(nf_sockopts);
+static int gIsFirewallEnabled;
+
 /*
  * A queue handler may be registered for each protocol. Each is protected by
  * long term mutex. The handler must provide an an outfn() to accept packets
@@ -451,6 +456,13 @@
 unsigned int verdict;
 int ret = 0;
+ /* Since the firewall and connection tracking modules have now been placed as
+ * a part of the kernel and we still want to provide some method of turning these
+ * options off, we use a proc entry to do so. Unsetting the variable bypasses the
+ * NET Filter hooks. */
+ if (gIsFirewallEnabled == 0)
+ return okfn(skb);
+
 /* This stopgap cannot be removed until all the hooks are audited. */
 if (skb_is_nonlinear(skb) && skb_linearize(skb, GFP_ATOMIC) != 0) {
 kfree_skb(skb);
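Review bot: `static int gIsFirewallEnabled;` is zero-initialised, and the `nf_hook_slow` hunk later in this patch returns straight to `okfn()` while it is zero, so every netfilter hook is bypassed from boot until userspace writes a non-zero value to /proc/net/firewall_start — the firewall fails open by default. If the hooks are meant to run unless an administrator turns them off, define it as `static int gIsFirewallEnabled = 1;` and record the default next to it, e.g. `/* Non-zero: run the netfilter hooks. Zero: nf_hook_slow() hands packets straight to okfn(). Written only via /proc/net/firewall_start. */`. If starting disabled is deliberate, the comment should say so, because nothing in the hunk makes that choice visible to the next reader.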
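Review bot: The early `return okfn(skb);` skips every hook registered on nf_hooks for whichever protocol family reaches this function, not only the IP firewall and connection tracking the comment names, so any other hook user is silently disabled as well; the enclosing function (apparently nf_hook_slow) starts outside the hunk, so what else is registered cannot be checked here. Either restrict the bypass to the families it is meant for — if the function's `pf` argument is in scope, `if (gIsFirewallEnabled == 0 && pf == PF_INET)` — or reword the comment to state that all netfilter hooks for all protocols are bypassed while the flag is zero. The comment should also name the proc path, e.g. `/* 0 (via /proc/net/firewall_start) bypasses ALL netfilter hooks, every protocol family and hook point. */`, since the variable name alone does not convey the scope.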
@@ -559,12 +571,49 @@
 with it. */
 void (*ip_ct_attach)(struct sk_buff *, struct nf_ct_info *);
+static int firewall_write_level (struct file *file, const char *buffer, unsigned long count, void *data)
+{
+ char newDebugLevel[5];
+
+ /* Validate the length of data passed. */
+ if (count > 5)
+ count = 5;
+
+ /* Copy from user space. */
+ if (copy_from_user (&newDebugLevel, buffer, count))
+ return -EFAULT;
+
+ /* Store the new debug level. */
+ gIsFirewallEnabled = (UINT16) simple_strtol(newDebugLevel, NULL, 0);
+ return count;
+}
+
+static int firewall_read_level (char *buf, char **start, off_t offset, int count, int *eof, void *data)
+{
+ int len = 0;
+ len = len + sprintf (buf + len, "Current Firewall State is %d.\n",gIsFirewallEnabled);
+ return len;
+}
+
 void __init netfilter_init(void)
 {
- int i, h;
+ int i, h;
+ struct proc_dir_entry* ptr_dir_entry;
 for (i = 0; i < NPROTO; i++) {
 for (h = 0; h < NF_MAX_HOOKS; h++)
 INIT_LIST_HEAD(&nf_hooks[i][h]);
 }
+
+ /* Create a proc entry that is used to enable / disable the firewall. */
+ ptr_dir_entry = create_proc_entry("net/firewall_start" ,0644, NULL);
+ if (ptr_dir_entry == NULL)
+ {
+ printk ("Error: Unable to create the firewall start/stop proc entry.\n");
+ return;
+ }
+ ptr_dir_entry->data = NULL;
+ ptr_dir_entry->read_proc = firewall_read_level;
+ ptr_dir_entry->write_proc = firewall_write_level;
+ ptr_dir_entry->owner = THIS_MODULE;
 }
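Review bot: `firewall_write_level` never NUL-terminates `newDebugLevel`: a write of five or more bytes fills all of `char newDebugLevel[5]` and `simple_strtol()` then scans past the end of the stack buffer, so the parsed value depends on whatever follows it. The `(UINT16)` cast adds a second trap — `echo 65536` stores 0 and silently disables the hooks — and `&newDebugLevel` passes a `char (*)[5]` where a `char *` is expected. The proc entry is 0644 so only root reaches this handler, but it still deserves a bounded, terminated buffer and a plain int store; `firewall_read_level` should also set `*eof = 1` after formatting, as the rest of the kernel's read_proc handlers do.
```c
static int firewall_write_level (struct file *file, const char *buffer, unsigned long count, void *data)
{
	char newDebugLevel[6];
	unsigned long len = count;

	/* Keep one byte free for the terminator simple_strtol() relies on. */
	if (len > sizeof(newDebugLevel) - 1)
		len = sizeof(newDebugLevel) - 1;

	if (copy_from_user (newDebugLevel, buffer, len))
		return -EFAULT;
	newDebugLevel[len] = '\0';

	/* Any non-zero value enables the hooks; no 16-bit wrap ("65536" must not become 0). */
	gIsFirewallEnabled = (int) simple_strtol(newDebugLevel, NULL, 0);
	/* Report the full count so a caller that loops on short writes does not re-submit the tail as a second value. */
	return count;
}
/* … unchanged: firewall_read_level (add `*eof = 1;` before return), netfilter_init … */
```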