On Jan 21 2008 02:14, Pablo Neira Ayuso wrote: > >BTW, it would be great if we add support for layer 4 protocol state >matching, e.g. match TCP established. We can use this together with the >target that would mark certain events as volatile, e.g. > >iptables -A 192.168.0.0/24 -m conntrack ! --tcp-state ESTABLISHED -j >VOLATILE And what's xt_VOLATILE do? (Was it hidden in your recent xt_CONNTRACK submission?) >The idea behind this it that ctnetlink would ignore certain events, >thus, reducing CPU load. - To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
