State of the conntrack match
Christoph Lenggenhager
clenggenhager at gmail.com
Wed May 2 08:14:07 CEST 2007
Hi
I would like to use a conntrack match (i.e. -m conntrack --ctorigdst
...), but I miss the ability to filter for the original source and
destination ports.
When going through the archives of netfilter-devel, I see that the
conntrack match has originally been developed by Marc Boucher.
Back in 2002, Henrik Nordström wrote a patch to it that would precisely
fit my needs.
(cf. http://lists.netfilter.org/pipermail/netfilter-devel/2002-July/008382.html)
Unfortunately, this effort seems to have died with the advice from
Harald Welte to contact Marc Boucher directly.
My questions are now:
- What is the status of the conntrack match? Is it just "there" to be
used, but nobody ever wants to touch it again?
- Would it be appreciated to take up Henrik's (old) ideas? Is there a
chance to take such changes into the main tree? Since I do not know
better: Is this a "good" idea or does it make you scream and run away?
Well, this is more a user-related question:
- Assuming conntrack match is too old and out-dated, is there an
alternative way to filter based on the original data (addresses and
ports) of a packet?
Thanks for any reply.
Kind regards,
christoph
PS:
If this is a repost, please excuse me, but I couldn't find my message in
the archives, so I resent it. Sorry for any inconvenience.