[Bug 1241] New: Please support inverting filters
bugzilla-daemon at netfilter.org
Wed Apr 4 15:36:53 CEST 2018
https://bugzilla.netfilter.org/show_bug.cgi?id=1241
Bug ID: 1241
Summary: Please support inverting filters
Product: conntrack-tools
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: conntrack
Assignee: netfilter-buglog at lists.netfilter.org
Reporter: korn-netfilter.org at elan.rulez.org

I have a firewall where sometimes NAT rules change so that certain UDP
connections that were not SNATed before should be SNATed now.

Before the NAT rules go up, the affected packets are passed but the connections
end up in the UNREPLIED state; however, due to connection tracking, these
sessions get stuck in this state if the source keeps sending new UDP packets.

I would like to be able to flush unreplied UDP connections using something like

    conntrack -D -p udp -u !assured

I'm sure filter negation would be useful in many other instances as well.
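
One way to approximate the requested `-u !assured` selection without filter negation is to post-filter the listing and delete by tuple. This is an added example, not part of the original report or of conntrack-tools; the function names and the sample entries (documentation addresses) are constructed, and it assumes the usual `conntrack -L` text output in which the original-direction tuple comes first on each line.

```shell
#!/bin/sh
# Added example: emulate a "-u !assured" filter by post-filtering the text
# output of `conntrack -L -p udp`. Prints delete commands only (dry run).

non_assured_udp_deletes() {
    awk '
    $1 != "udp"   { next }    # ignore anything that is not a UDP entry
    /\[ASSURED\]/ { next }    # keep flows the kernel has marked ASSURED
    {
        src = dst = sport = dport = ""
        # The first src=/dst=/sport=/dport= fields are the original-direction
        # tuple; the reply tuple repeats the same keys later on the line.
        for (i = 1; i <= NF; i++) {
            if      (src   == "" && $i ~ /^src=/)   src   = substr($i, 5)
            else if (dst   == "" && $i ~ /^dst=/)   dst   = substr($i, 5)
            else if (sport == "" && $i ~ /^sport=/) sport = substr($i, 7)
            else if (dport == "" && $i ~ /^dport=/) dport = substr($i, 7)
        }
        # Emit only well-formed tuples so the output is safe to hand to a shell.
        if (src !~ /^[0-9A-Fa-f:.]+$/ || dst !~ /^[0-9A-Fa-f:.]+$/) next
        if (sport !~ /^[0-9]+$/ || dport !~ /^[0-9]+$/) next
        printf "conntrack -D -p udp -s %s -d %s --sport %s --dport %s\n", \
               src, dst, sport, dport
    }'
}

# Constructed sample of `conntrack -L` output: one UNREPLIED flow, one ASSURED
# flow that was SNATed, one replied-but-not-yet-ASSURED flow, one TCP entry.
sample_conntrack_output() {
    cat <<'EOF'
udp      17 25 src=192.0.2.10 dst=198.51.100.5 sport=5060 dport=5060 [UNREPLIED] src=198.51.100.5 dst=192.0.2.10 sport=5060 dport=5060 mark=0 use=1
udp      17 170 src=192.0.2.11 dst=198.51.100.6 sport=40000 dport=53 src=198.51.100.6 dst=203.0.113.1 sport=53 dport=40000 [ASSURED] mark=0 use=1
udp      17 28 src=192.0.2.12 dst=198.51.100.7 sport=123 dport=123 src=198.51.100.7 dst=192.0.2.12 sport=123 dport=123 mark=0 use=1
tcp      6 300 ESTABLISHED src=192.0.2.13 dst=198.51.100.8 sport=50000 dport=443 src=198.51.100.8 dst=192.0.2.13 sport=443 dport=50000 mark=0 use=1
EOF
}

# Dry run on the constructed sample.
sample_conntrack_output | non_assured_udp_deletes
```

Feed it `conntrack -L -p udp` on stdin and review the printed commands before running them. An entry can become ASSURED between listing and deletion, and a tuple-only delete will still remove it.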