On Sun, Jul 15, 2012 at 10:52:08PM +0200, Eric Leblond wrote:
> Hello,
>
> On Sunday, 15 July 2012 at 13:24 +0100, Mr Dash Four wrote:
> > > For NFCT, you simply need to have nfnetlink_conntrack loaded.
> > >
> > I did, but I also made the mistake of including a few filters in that
> > stack, which were incompatible and that was the reason I did not get any
> > NFCT logs. Once that was corrected I started seeing connection tracking
> > logged.
> >
> > I have another question with regards to this: Is it possible to limit
> > (by a separate filter or otherwise) the reporting and restrict it, to
> > say, a specific set of interfaces or specific source/destination IP
> > addresses/subnets?
> >
> > Currently, NFCT reports absolutely everything, which is not what I
> > really want as I have to sift through thousands of logs, not to mention
> > that by reporting everything the system load is much higher.
> >
> > So, is there a way for me to do that, somehow?
>
> Not now but I'm working on it: Pablo has made a filter system in
> libnetfilter_conntrack. I will use it to filter.

You can also use the CT target to filter conntrack events. It's a global
configurable parameter though, but it's easy.
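The CT-target approach mentioned in the reply, as an added example that is not part of the thread or of ulogd/netfilter itself: a small POSIX shell script that emits the sysctl and raw-table rules needed so that only connections on a chosen interface and source network generate conntrack events (and therefore NFCT log lines). It assumes iptables with the CT target (xt_CT) and the sysctl net.netfilter.nf_conntrack_events are available, and that with that sysctl set to 0 the kernel attaches the event cache only to connections explicitly flagged by `-j CT --ctevents`; the interface, subnet and function names are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): limit conntrack event generation to
# selected flows with the CT target in the raw table.
#
# Assumptions: iptables with the CT target (xt_CT) and the sysctl
# net.netfilter.nf_conntrack_events exist; with the sysctl at 0, only
# connections matched by an explicit "-j CT --ctevents ..." rule carry the
# event cache and emit ctnetlink events. eth0 / 10.0.0.0/8 are constructed.

# Dry-run by default so running this file stand-alone changes nothing.
DRY_RUN=${DRY_RUN:-1}

# Print the commands that restrict conntrack events to flows arriving on
# interface $1 from source network $2. Event types kept are given in $3
# (default: new,destroy), in the CT target's --ctevents syntax.
ct_event_rules() {
    iface=$1
    srcnet=$2
    events=${3:-new,destroy}

    # 1. Globally stop attaching the event cache to new connections.
    #    Connections not matched by a CT rule below then emit no events,
    #    which is what cuts the "report everything" noise and load.
    echo "sysctl -w net.netfilter.nf_conntrack_events=0"

    # 2. For the flows of interest, request an explicit event mask.
    #    The CT target is only valid in the raw table (PREROUTING/OUTPUT),
    #    i.e. before conntrack creates the entry for the first packet.
    echo "iptables -t raw -A PREROUTING -i $iface -s $srcnet -j CT --ctevents $events"
    # Locally originated connections towards the same network.
    echo "iptables -t raw -A OUTPUT -d $srcnet -j CT --ctevents $events"
}

# Apply the rules, or only show them when DRY_RUN=1 (the default here).
apply_ct_event_rules() {
    if [ "$DRY_RUN" = "1" ]; then
        ct_event_rules "$@"
    else
        ct_event_rules "$@" | sh -e
    fi
}

# Usage (constructed values): only report NEW/DESTROY for traffic from
# 10.0.0.0/8 on eth0; every other connection generates no event.
apply_ct_event_rules eth0 10.0.0.0/8
```

Run it with `DRY_RUN=0` to actually apply the rules. Because the sysctl is the "global configurable parameter" the reply refers to, any connection not covered by a CT rule is silently untracked by NFCT, so list every interface or subnet you want logged before flipping it to 0.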