On Wednesday 2010-02-10 23:07, Jan Engelhardt wrote:
>
>On Wednesday 2010-02-10 22:32, Jozsef Kadlecsik wrote:
>>>
>>> How so? If I untrack something in the raw table, I would have
>>> assumed it skips all conntracking - including defrag.
>>
>>Let's assume that you don't want to track the UDP DNS lookups to your busy
>>DNS server but want to track all other connections:
>>
>>iptables -t raw -A PREROUTING -d dns.server -p udp --dport 53 -j NOTRACK
>>iptables -t raw -A PREROUTING -s dns.server -p udp --sport 53 -j NOTRACK
>>
>>If the fragments were visible in the raw table, what rule would you
>>use to handle them?
>
>Hm, -t raw -A PREROUTING -f -d dns.server -p udp --d/sport 53 -j NOTRACK?

Ha. I see...
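
Why a fragment rule cannot carry a port match, as an added example that is not part of the original thread: only the first fragment of a UDP datagram contains the UDP header, and iptables `-f` selects the second and later fragments, which have no ports to compare. The addresses, ports, IP ID and fragment size below are constructed sample values, and the helper names are hypothetical.

```python
import struct

def ipv4_header(src, dst, proto, payload_len, ident, frag_off_bytes, more_frags):
    """Build a minimal 20-byte IPv4 header (checksum left at 0; constructed sample)."""
    # Flags/offset field: bit 0x2000 is MF, low 13 bits are the offset in 8-byte units.
    flags_frag = (0x2000 if more_frags else 0) | (frag_off_bytes // 8)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident,
                       flags_frag, 64, proto, 0, bytes(src), bytes(dst))

def fragment_udp(src, dst, sport, dport, data, frag_payload=24):
    """Split one UDP datagram into IPv4 fragments of frag_payload bytes (multiple of 8)."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data
    frags = []
    for off in range(0, len(udp), frag_payload):
        chunk = udp[off:off + frag_payload]
        more = off + frag_payload < len(udp)
        frags.append(ipv4_header(src, dst, 17, len(chunk), 0x1234, off, more) + chunk)
    return frags

def match_view(packet):
    """Return what a per-packet matcher can see: (is_non_first_fragment, ports or None)."""
    ihl = (packet[0] & 0x0F) * 4
    (flags_frag,) = struct.unpack("!H", packet[6:8])
    offset = (flags_frag & 0x1FFF) * 8
    if offset > 0:
        # Non-first fragment: the bytes after the IP header are UDP payload,
        # not a UDP header, so there is no source or destination port to read.
        return True, None
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    return False, (sport, dport)

def views():
    """Fragment one constructed DNS-sized datagram and list each fragment's view."""
    frags = fragment_udp((192, 0, 2, 10), (192, 0, 2, 53), 40000, 53, b"x" * 56)
    return [match_view(f) for f in frags]

if __name__ == "__main__":
    for i, (non_first, ports) in enumerate(views()):
        print(f"fragment {i}: non-first={non_first} ports={ports}")
```
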