target for modifying conntrack timeout value

Richard richard at o-matrix.org
Mon Dec 6 08:43:33 CET 2004


> That should indeed work by calling ip_ct_refresh (ip_ct_refresh_acct
> in 2.6, it seems) in e.g. filter, matching --dport 5060. Just make
> sure you do it in front of any '-m state --state ESTABLISHED -j ACCEPT'
> rules.
> 
> Go ahead, write such a target.
> 

I finished the code and testing. It is based on the stable versions of
iptables and pom. I'd like to have it included in cvs. Should I post the
patch based on stable or cvs?

Btw, the cvs server seems down now. I followed the instruction in
http://www.netfilter.org/downloads.html#cvs.

Thanks,
Richard





More information about the netfilter-devel mailing list