On Wednesday 2010-02-10 22:32, Jozsef Kadlecsik wrote:

>> How so? If I untrack something in the raw table, I would have
>> assumed it skips all conntracking - including defrag.
>
>Let's assume that you don't want to track the UDP DNS lookups to your busy
>DNS server but want to track all other connections:
>
>iptables -t raw -A PREROUTING -d dns.server -p udp --dport 53 -j NOTRACK
>iptables -t raw -A PREROUTING -s dns.server -p udp --sport 53 -j NOTRACK
>
>If the fragments were visible in the raw table, what rule would you
>use to handle them?

Hm, -t raw -A PREROUTING -f -d dns.server -p udp --d/sport 53 -j NOTRACK?
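Added example, not code from the thread: it builds a fragmented UDP/53 reply from a constructed DNS server address (192.0.2.53, client 198.51.100.7), emulates the quoted `-s dns.server -p udp --sport 53` match against each fragment and against the reassembled datagram, and so shows which packets carry the port the NOTRACK rules key on before and after the defrag step.

```python
import socket
import struct

UDP = 17

def ipv4_header(src, dst, ident, more_frags, frag_off, payload_len):
    """Minimal 20-byte IPv4 header; checksum left at 0 (constructed sample data)."""
    flags_frag = (0x2000 if more_frags else 0) | (frag_off // 8)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident,
                       flags_frag, 64, UDP, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))

def fragment(src, dst, ident, l4, max_payload):
    """Split a UDP datagram into IPv4 fragments (max_payload is a multiple of 8)."""
    frags = []
    for off in range(0, len(l4), max_payload):
        chunk = l4[off:off + max_payload]
        more = off + max_payload < len(l4)
        frags.append(ipv4_header(src, dst, ident, more, off, len(chunk)) + chunk)
    return frags

def reassemble(frags):
    """Rebuild the datagram from its fragments, as the kernel's defrag step does before conntrack."""
    by_off = sorted(frags, key=lambda p: struct.unpack("!H", p[6:8])[0] & 0x1FFF)
    payload = b"".join(p[20:] for p in by_off)
    src, dst = socket.inet_ntoa(by_off[0][12:16]), socket.inet_ntoa(by_off[0][16:20])
    ident = struct.unpack("!H", by_off[0][4:6])[0]
    return ipv4_header(src, dst, ident, False, 0, len(payload)) + payload

def udp_sport(pkt):
    """UDP source port, or None when the packet carries no UDP header at all."""
    frag_off = struct.unpack("!H", pkt[6:8])[0] & 0x1FFF
    if pkt[9] != UDP or frag_off != 0 or len(pkt) < 28:
        return None  # a non-first fragment is IP header plus raw payload bytes only
    return struct.unpack("!H", pkt[20:22])[0]

def notrack_reply_rule_matches(pkt, dns_server="192.0.2.53"):
    """Emulate `-s dns.server -p udp --sport 53`: the address AND the port must match."""
    return socket.inet_ntoa(pkt[12:16]) == dns_server and udp_sport(pkt) == 53

def demo():
    # Constructed 1400-byte DNS reply: 8-byte UDP header (sport 53 -> dport 40000) + payload.
    udp = struct.pack("!HHHH", 53, 40000, 8 + 1392, 0) + b"\xaa" * 1392
    frags = fragment("192.0.2.53", "198.51.100.7", 0x1234, udp, 776)
    per_fragment = [notrack_reply_rule_matches(p) for p in frags]
    return per_fragment, notrack_reply_rule_matches(reassemble(frags))

if __name__ == "__main__":
    print(demo())  # ([True, False], True)
```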