The commit a2361c8735e07322023aedc36e4938b35af31eb0 ("netfilter: xt_conntrack: warn about use in raw table") disallows use of -m conntrack in the raw table: "nfct happens to run after the raw table only".

That's correct, but when the packet was sent from the local machine the skb already has ->nfct attached, and -m conntrack seems to do the right thing.

Is the use of -m conntrack in such a scenario considered invalid?

Thanks,
Florian