On 12/06/07 19:24, Max Berger wrote:
> In linux/iptables every packet goes through ip_conntrack at first,
> independent from using connection tracking for this Packet. So if you
> use tracking (and loading the module ip_conntrack) for any rule, you get
> the limit of the connection table for all kinds of packets.

config NETFILTER_XT_TARGET_NOTRACK
	tristate  '"NOTRACK" target support'
	depends on NETFILTER_XTABLES
	depends on IP_NF_RAW || IP6_NF_RAW
	depends on IP_NF_CONNTRACK || NF_CONNTRACK
	help
	  The NOTRACK target allows a select rule to specify
	  which packets *not* to enter the conntrack/NAT
	  subsystem with all the consequences (no ICMP error tracking,
	  no protocol helpers for the selected packets).

--
Simon Arlott
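Added example, not part of the original message or of the kernel source: a shell check that a raw-table ruleset exempts a service from conntrack in both directions with the NOTRACK target quoted above. UDP port 123 (NTP), the two sample rulesets and the helper name notrack_covers are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample of `iptables-save -t raw` output (not from the post).
# UDP port 123 (NTP) is an assumed example service.
SAMPLE_RAW='*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p udp -m udp --dport 123 -j NOTRACK
-A OUTPUT -p udp -m udp --sport 123 -j NOTRACK
COMMIT'

# Constructed ruleset with the reply direction forgotten: replies sent by
# the host still create conntrack entries and count against the table limit.
SAMPLE_ONE_WAY='*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p udp -m udp --dport 123 -j NOTRACK
COMMIT'

# notrack_covers RULESET PROTO PORT  (hypothetical helper)
# Succeeds only if RULESET keeps both inbound packets (PREROUTING, --dport)
# and locally generated replies (OUTPUT, --sport) out of conntrack.
notrack_covers() {
    printf '%s\n' "$1" | awk -v proto="$2" -v port="$3" '
        $1 == "-A" && $NF == "NOTRACK" && $0 ~ ("-p " proto " ") {
            if ($2 == "PREROUTING" && $0 ~ ("--dport " port " ")) pre_ok = 1
            if ($2 == "OUTPUT" && $0 ~ ("--sport " port " ")) out_ok = 1
        }
        END { exit !(pre_ok && out_ok) }'
}

notrack_covers "$SAMPLE_RAW" udp 123 && echo "both directions exempt"
notrack_covers "$SAMPLE_ONE_WAY" udp 123 || echo "one-way: replies still tracked"
```

On a live host the first argument would be "$(iptables-save -t raw)". Filter rules that match on connection state do not see these packets as NEW or ESTABLISHED, so they need their own stateless accept rules.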
