conntrack -E -i not allowed?
Pablo Neira Ayuso
pablo at netfilter.org
Wed Nov 8 20:29:47 CET 2006
Alan Ezust wrote:
> We need to be able to determine when we get an UPDATE or a DISCONNECT, which
> connections they correspond to. I assumed that was the purpose of the CT id.
The purpose was to uniquely identify a connection but we currenlty
assume that the tuple {src, portsrc, dst, portdst, l3protonum, protonum}
is enough.
> Why are you removing it?
http://lists.netfilter.org/pipermail/netfilter-devel/2005-June/019923.html
--
The dawn of the fourth age of Linux firewalling is coming; a time of
great struggle and heroic deeds -- J.Kadlecsik got inspired by J.Morris
More information about the netfilter
mailing list