Re: Firewall

Monday Jeff Raber said:

> On 12/09/2010 09:00 PM, Curtis Doty wrote:
>> Why must stateful connection tracking be imposed on every Fedora user?
>>
>> Don't get me wrong. I use netfilter all the time and love it. And it's
>> good to install the userland iptables tools and a simple firewall by
>> default. But when I'd like to choose Fedora without it (asymmetric
>> routing anyone?), I now have to rebuild the kernel. [harumph!]
>>
>> Was there ever a good reason for making the filter table and conntrack
>> modules monolithic? They certainly didn't used to be built in...
>>
>> ../C
> Seems like there should be an easy way to 'opt-out' of connection
> tracking.  Have you tried anything like 'iptables -t raw -I PREROUTING
> -j NOTRACK' ?

That's hardly opting out. Yes, loading the raw table and kicking each 
frame with the NOTRACK flag is an option. But a whole world different from 
the much more elegant solution of simply not loading the netfilter code at 
all by default...let alone the conntrack module and both the filter and 
raw table modules as well.

../C

-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel

