Jan Engelhardt wrote: > On Monday 2010-01-25 15:32, Felipe W Damasio wrote: >>> For the same reason: >>> http://l7-filter.sourceforge.net/FAQ#usage >> Right, thanks! >> >> But I just don't see the point of letting all the http traffic flows >> through squid since it'll only care about a handful of domains... >> >> I don't suppose there is a way of "putting" the connection back on >> the forwarding-state on the bridge after ebtables already dropped it >> on the broute table, is there? > > Once you decided which machine handles the packet stream, it's decided. > The twist is, you have to decide when you see the very first packet. CT actually doesn't really care, it should be possible with TPROXY if the local socket could be persuaded to close silently. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
