Mr Dash Four <mr.dash.four@xxxxxxxxxxxxxx> wrote:
> >>The specific reason I raised this issue is because on the main
> >>firewall we have here, if I deploy ulogd2 and use NFCT at its
> >>present form, I will get the logs from all 7 interfaces, and it
> >>would make it an absolutely huge task to sift through all these logs
> >>and "match" the various entries (OK, doing it through the database
> >>will help up a bit, but not a lot).
> >
> >Try something like
> >iptables -t raw -A PREROUTING (thingsyoudontwant) -j CT --ctevents related
>
> What do you mean by "(thingsyoudontwant)"? How would that affect
> tracking (sorry, I probably need to brush up on the CT a bit)?

It specifies what events to generate; events that aren't generated can't be seen by NFCT. Tracking itself is not influenced.

As Pablo pointed out, you could also try disabling event reporting completely via sysctl and only enable events for those networks/services you're interested in. So e.g. if you are only interested in logging the start and end of connections coming from 192.168.1/24 on eth0 and going out via eth7 you could try

echo 0 > /proc/sys/net/netfilter/nf_conntrack_events
iptables -t raw -A PREROUTING -i eth0 -o eth7 \
    -s 192.168.1.0/24 -j CT --ctevents new,related,destroy
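The "disable globally, re-enable per flow" approach from the reply, as an added script that is not part of the thread: it validates the ctevents list, builds the raw-table CT rule as a reviewable string, and only touches the sysctl and iptables when invoked with "apply". The interface name and subnet are assumptions; since PREROUTING runs before the routing decision, iptables rejects -o there, so the rule matches only the ingress interface and source network.

```shell
#!/bin/sh
# Added example: limit conntrack event generation so ulogd2's NFCT input
# only sees the flows you care about. Assumed values, adjust for your box.
IN_IF="eth0"
SRC_NET="192.168.1.0/24"
EVENTS="new,related,destroy"

# Accept only event names the CT target's --ctevents option understands.
valid_events() {
    for ev in $(printf '%s' "$1" | tr ',' ' '); do
        case "$ev" in
            new|related|destroy|reply|assured|protoinfo|helper|mark|natseqinfo|secmark) ;;
            *) return 1 ;;
        esac
    done
    return 0
}

# Build the raw-table rule as text so it can be reviewed (or tested) before
# it is applied. No -o: the output interface is unknown in PREROUTING.
ct_rule() {
    valid_events "$3" || { echo "bad --ctevents list: $3" >&2; return 1; }
    printf 'iptables -t raw -A PREROUTING -i %s -s %s -j CT --ctevents %s' \
        "$1" "$2" "$3"
}

apply_policy() {
    # Globally off: no conntrack emits events unless a CT rule re-enables
    # them for that specific flow.
    echo 0 > /proc/sys/net/netfilter/nf_conntrack_events
    eval "$(ct_rule "$IN_IF" "$SRC_NET" "$EVENTS")"
    # Check that the rule really landed in the raw table.
    iptables -t raw -S PREROUTING | grep -- '--ctevents'
}

# Default action is to print the rule; "apply" needs root and changes state.
case "${1:-show}" in
    apply) apply_policy ;;
    *)     ct_rule "$IN_IF" "$SRC_NET" "$EVENTS"; echo ;;
esac
```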