Monday Jeff Raber said: > On 12/09/2010 09:00 PM, Curtis Doty wrote: >> Why must statefull connection tracking be imposed on every Fedora user? >> >> Don't get me wrong. I use netfilter all the time and love it. And it's >> good to install the userland iptables tools and a simple firewall by >> default. But when I'd like to choose Fedora without it (asymmetric >> routing anyone?), I now have to rebuild the kernel. [harumph!] >> >> Was there ever a good reason for making the filter table and conntrack >> modules monolithic? They certainly didn't used to be built in... >> >> ../C > Seems like there should be an easy way to 'opt-out' of connection > tracking. Have you tried anything like 'iptables -t raw -I PREROUTING > -j NOTRACK' ? That's hardly opting out. Yes, loading the raw table and kicking each frame with the NOTRACK flag is an option. But a whole world different from the much more elegant solution of simply not loading the netfilter code at all by default...let alone the conntrack module and both the filter and raw table modules as well. ../C -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
