Jan Engelhardt wrote:
> On Tuesday 2010-01-19 10:05, Patrick McHardy wrote:
>
>> The attached two patches add a 'CT' target to specify parameters
>> used during conntrack creation. This can be used to manually attach
>> a helper to a connection. A couple of patches I'm still working
>> on will additionally use this for the "conntrack zones" classification.
>>
>> I'm wondering if anyone has further ideas of parameters that might
>> make sense to support.
>
> Phil Oester/Pablo had proposed an earlier conntrack target to do just
> that.
>
> [3]
> http://thread.gmane.org/gmane.comp.security.firewalls.netfilter.devel/21499
> (Can't find Pablo's update to that)

We could use the CT target to specify a fixed timeout, but since it
is only used for creating the conntrack entry, the timeouts wouldn't
be refreshed for received packets. This doesn't sound very useful.
Of course the target could also modify existing connections, but that
doesn't fit into the concept very well.