Use IP connection tracking only for input and output chains

Joris Dobbelsteen joris.dobbelsteen at
Thu Aug 11 13:45:12 CEST 2005


I've a question whether it is a supported configuration where the
connection tracking module is solely used for traffic local to the

I don't need any tracking on the forwarded traffic, however for local
traffic it could increase protection. Forwarded traffic only needs some
stateless filtering (drop some specific kinds of traffic I dislike, such
as RIP, OSPF, ...).

The device is a router for my wireless WLAN and will probably be
supplemented by a second system. Connection tracking is not very useful

The device is a Linksys WRT54G running OpenWRT (Linux 2.4) and iptables

- Joris Dobbelsteen

More information about the netfilter mailing list