connection tracking without iptables?
Jiann-Ming Su
sujiannming at gmail.com
Thu Oct 14 20:31:11 CEST 2004
On Thu, 30 Sep 2004 19:34:30 -0400, Jason Opperisano <opie at 817west.com> wrote:
>
> egrep 'ESTABLISHED|ASSURED' /proc/net/ip_conntrack | wc -l
>
We're finding that any read operation on /proc/net/ip_conntrack really
locks the system until that operation is completed. That is, it's
almost as if the read prevents any writes, so the firewall locks up
momentarily until the read is done. Is there a less system intensive
way to read ip_conntrack? Or, is my observation completely wrong?
--
Jiann-Ming Su
"I have to decide between two equally frightening options.
If I wanted to do that,
I'd vote." --Duckman
More information about the netfilter
mailing list