<html>
<head>
<base href="https://bugzilla.netfilter.org/" />
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - Please support inverting filters"
href="https://bugzilla.netfilter.org/show_bug.cgi?id=1241">1241</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>Please support inverting filters
</td>
</tr>
<tr>
<th>Product</th>
<td>conntrack-tools
</td>
</tr>
<tr>
<th>Version</th>
<td>unspecified
</td>
</tr>
<tr>
<th>Hardware</th>
<td>All
</td>
</tr>
<tr>
<th>OS</th>
<td>All
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>enhancement
</td>
</tr>
<tr>
<th>Priority</th>
<td>P5
</td>
</tr>
<tr>
<th>Component</th>
<td>conntrack
</td>
</tr>
<tr>
<th>Assignee</th>
<td>netfilter-buglog@lists.netfilter.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>korn-netfilter.org@elan.rulez.org
</td>
</tr></table>
<p>
<div>
<pre>I have a firewall where sometimes NAT rules change so that certain UDP
connections that were not SNATed before should be SNATed now.
Before the NAT rules go up, the affected packets are passed but the connections
end up in the UNREPLIED state; however, due to connection tracking, these
sessions get stuck in this state if the source keeps sending new UDP packets.
I would like to be able to flush unreplied UDP connections using something like
conntrack -D -p udp -u !assured
I'm sure filter negation would be useful in many other instances as well.</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are watching all bug changes.</li>
</ul>
</body>
</html>