Illegal option `-i' with conntrack -I
Krzysztof Oledzki
olenf at ans.pl
Thu Nov 3 15:12:54 CET 2005
On Thu, 3 Nov 2005, KOVACS Krisztian wrote:
>
> Hi,
>
> On Thursday 03 November 2005 14.36, Krzysztof Oledzki wrote:
>> It seems it is not possible to specify a conntrack id while adding a new
>> conntrack. Is it intentional?
>>
>> # conntrack -I --orig-src 1.2.3.4 --orig-dst 1.2.3.5 --reply-src
>> 2.3.4.5 --reply-dst 2.3.4.5 -p tcp --orig-port-src 1 --orig-port-dst
>> 2 --reply-port-src 3 --reply-port-dst 5 -t 32323 -u ASSURED -i 99
>> conntrack v0.95: Illegal option `-i' with this command
>> Try `conntrack -h' or 'conntrack --help' for more information.
>
> I guess it's intentional. For the netlink dump to work you need the
> IDs of conntrack entries to be unique and monotonously increasing, and
> that's what setting the ID from userspace could ruin.

So netlink will never allow saving & restoring the exact status of
the ip_conntrack?

Best regards,
Krzysztof Olędzki
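
A simplified model of the concern raised in the quoted reply, added here as an illustration (not code from the thread or from the kernel): it assumes a dump that is split across several messages and resumes by skipping every entry whose ID is not greater than the last one sent. The function names and the sample ID tables are constructed for this example.

```python
# Simplified model of a resumable dump (an assumption for illustration, not
# kernel code): a bucket lists entry IDs in insertion order, a dump is split
# into fixed-size messages, and each message resumes after the last ID sent.

def dump_bucket(bucket, batch_size):
    """Return the IDs a multi-message dump of `bucket` would deliver."""
    dumped, last_id = [], 0
    while True:
        batch = []
        for entry_id in bucket:
            if entry_id <= last_id:       # treated as "already sent"
                continue
            if len(batch) == batch_size:  # message full, resume next round
                break
            batch.append(entry_id)
            last_id = entry_id
        if not batch:                     # nothing new: dump is complete
            return dumped
        dumped.extend(batch)


def missing_from_dump(bucket, batch_size=2):
    """IDs present in the table but never delivered to the listener."""
    seen = dump_bucket(bucket, batch_size)
    remaining = list(bucket)
    for entry_id in seen:
        remaining.remove(entry_id)
    return remaining


# Constructed sample tables (IDs only).
KERNEL_ASSIGNED = [1, 2, 3, 4, 5]        # counter-assigned: unique, increasing
USER_SET_HIGH = [1, 2, 99, 3, 4]         # one entry added with a chosen ID 99
USER_SET_DUPLICATE = [1, 2, 2, 3]        # chosen ID collides with entry 2

if __name__ == "__main__":
    for name, table in [("kernel", KERNEL_ASSIGNED),
                        ("high id", USER_SET_HIGH),
                        ("duplicate", USER_SET_DUPLICATE)]:
        print(name, "dumped:", dump_bucket(table, 2),
              "missing:", missing_from_dump(table))
```

In this model, one entry with a chosen ID of 99 hides every later counter-assigned entry from the dump, and a duplicated ID hides the second entry that carries it.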