diff --git a/README.md b/README.md
index 3333d16..c75a08e 100644
--- a/README.md
+++ b/README.md
@@ -202,7 +202,7 @@ Flags that do not scoped to a specific section, used over all the youtubeUnblock
 
 - `--no-gso` Disables support for TCP fat packets which uses GSO. This feature is well tested now, so this flag probably won't fix anything.
 
-- `--no-conntrack` Disables support for conntrack in youtubeUnblock.
+- `--use-conntrack` Enables support for conntrack in youtubeUnblock. Disabled by default. Enabled in kernel module.
 
 - `--no-ipv6` Disables support for ipv6. May be useful if you don't want for ipv6 socket to be opened.
 
diff --git a/src/args.c b/src/args.c
index 5d10648..d609fef 100644
--- a/src/args.c
+++ b/src/args.c
@@ -280,7 +280,7 @@ enum {
 	OPT_THREADS,
 	OPT_SILENT,
 	OPT_NO_GSO,
-	OPT_NO_CONNTRACK,
+	OPT_USE_CONNTRACK,
 	OPT_QUEUE_NUM,
 	OPT_UDP_MODE,
 	OPT_UDP_FAKE_SEQ_LEN,
@@ -331,7 +331,7 @@ static struct option long_opt[] = {
 	{"trace",		0, 0, OPT_TRACE},
 	{"instaflush",		0, 0, OPT_INSTAFLUSH},
 	{"no-gso",		0, 0, OPT_NO_GSO},
-	{"no-conntrack",	0, 0, OPT_NO_CONNTRACK},
+	{"use-conntrack",	0, 0, OPT_USE_CONNTRACK},
 	{"no-ipv6",		0, 0, OPT_NO_IPV6},
 	{"daemonize",		0, 0, OPT_DAEMONIZE},
 	{"noclose",		0, 0, OPT_NOCLOSE},
@@ -477,11 +477,11 @@ int yparse_args(struct config_t *config, int argc, char *argv[]) {
 			goto invalid_opt;
 #endif
 			break;
-		case OPT_NO_CONNTRACK:
+		case OPT_USE_CONNTRACK:
 #ifndef KERNEL_SPACE
-			config->use_conntrack = 0;
+			config->use_conntrack = 1;
 #else
-			lgerr("--no-conntrack is not supported in kernel space. Compile with make kmake EXTRA_CFLAGS=\"-DNO_CONNTRACK\" instead." );
+			lgerr("Conntrack is enabled by default in kernel space. If you want to disable it, compile with make kmake EXTRA_CFLAGS=\"-DNO_CONNTRACK\"." );
 			goto invalid_opt;
 #endif
 			break;
@@ -1052,8 +1052,8 @@ size_t print_config(const struct config_t *config, char *buffer, size_t buffer_s
 	if (!config->use_gso) {
 		print_cnf_buf("--no-gso");
 	}
-	if (!config->use_conntrack) {
-		print_cnf_buf("--no-conntrack");
+	if (config->use_conntrack) {
+		print_cnf_buf("--use-conntrack");
 	}
 #endif
 
diff --git a/src/config.h b/src/config.h
index 2df8fe8..52d0ec2 100644
--- a/src/config.h
+++ b/src/config.h
@@ -284,7 +284,7 @@ enum {
                                                                 \
 	.verbose = VERBOSE_DEBUG,                               \
 	.use_gso = 1,                                           \
-	.use_conntrack = 1,					\
+	.use_conntrack = 0,					\
                                                                 \
 	.first_section = NULL,					\
 	.last_section = NULL,					\
diff --git a/src/mangle.c b/src/mangle.c
index a8ce942..cce9ccd 100644
--- a/src/mangle.c
+++ b/src/mangle.c
@@ -285,6 +285,7 @@ int process_tcp_packet(const struct section_config_t *section, const uint8_t *ra
 		lgdebug("Target SNI detected: %.*s", vrd.sni_len, vrd.sni_ptr);
 		size_t target_sni_offset = vrd.target_sni_ptr - data;
 
+
 		size_t payload_len = raw_payload_len;
 		uint8_t *payload = malloc(raw_payload_len);
 		if (payload == NULL) {