I'm writing a userspace conntrack, using nfqueue and conntrack. Creating expectations works fine; netfilter matches and allows the expected connection. However, unlike ftp, the negotiated ephemeral port is used by multiple simultaneous tcp connections for some period. I'd like the expectation to be kept in place until it times out, even when it's matched. I can create this effect by watching for the conntrack event indicating the expectation was destroyed, and recreating it, but I'd like to know if there is a better way.

Cheers,
Sam