bug in conntrack + NAT filtering [was Re: [ANNOUNCE] Release conntrack-tools 0.9.6]

Hi Krzysztof,

Krzysztof Oledzki wrote:
>> BTW: It seems there is something wrong with --dst-nat/--src-nat filtering:
>>
>> # conntrack -L --src-nat|wc -l;conntrack -L --src-nat=1.2.3.4|wc -l;conntrack -L --src-nat=244.244.244.244|wc -l
>> 5010
>> 5010
>> 5010

I have committed a patch to SVN that is supposed to fix this problem.

The commit also contains way more flexible delete and update
operations. Now you can do: conntrack -D -s 1.2.3.4 to delete all the
flows that are identified by the source IP 1.2.3.4. There is a similar
feature for the update operation: conntrack -U -s 1.2.3.4 -m 1 sets the
connmark to 1 for all the matching flows.

I have also added a very (really very) simple tool to SVN to
perform QA testing for the command line tool based on a user-defined
testsuite. Any help feeding the testsuite directory would be appreciated.

-- 
"The honest are social misfits" -- Les Luthiers