On Jan 21 2008 02:18, Pablo Neira Ayuso wrote: >> >> And what's xt_VOLATILE do? (Was it hidden in your recent >> xt_CONNTRACK submission?) > >Indeed. Just set the IPCT_VOLATILE flag to tell ctnetlink to skip that >event. It would be a very simple target. I don't know if VOLATILE would >be a nice name, perhaps CTNETLINK. Oh I would not mind names all that much. At the basic level, there is ACCEPT DROP and REJECT. Then, in the depths of POM-nation there is TARPIT and TEE, (I'm missing COFFEE). Elsewhere, I wrote CHAOS and DELUDE. Most recently, I sampled up STEAL. You see, VOLATILE is not so off after all. :-) - To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html