Use IP connection tracking only for input and output chains

Joris Dobbelsteen joris.dobbelsteen at mail.com
Thu Aug 11 13:45:12 CEST 2005


Dear,

I've a question whether it is a supported configuration where the
connection tracking module is solely used for traffic local to the
device.

I don't need any tracking on the forwarded traffic; however, for local
traffic it could increase protection. Forwarded traffic only needs some
stateless filtering (drop some specific kinds of traffic I dislike, such
as RIP, OSPF, ...).

The device is a router for my wireless WLAN and will probably be
supplemented by a second system. Connection tracking is not very useful
here...

The device is a Linksys WRT54G running OpenWRT (Linux 2.4) and iptables
1.3.1.

- Joris Dobbelsteen


