Re: pgsql-ulogd2

iptables -t raw -A PREROUTING -i eth0 -o eth7 \
	 -s 192.168.1.0/24 -j CT --ctevents new,related,destroy

It should be hard to add some "none" for --ctevents so you can add the
following rules:

iptables -t raw -A PREROUTING -i eth0 -o eth7 \
	 -s 192.168.1.0/24 -j CT --ctevents new,related,destroy
iptables -t raw -A PREROUTING -i eth0 -o eth7 \
	 ! -s 192.168.1.0/24 -j CT --ctevents none

Not to report events for others. Note that the "none" is missing now
in iptables.

Thus, we will only get events coming from 192.168.1.0/24.
I am not entirely certain whether I could do more damage to my setup if I do the above. Let me explain:

On all interfaces, with the exception of one, I have a limited set of rules, which are traversed only when a new connection is established (i.e. the state is NEW). In all other cases, I have -j ACCEPT when the state is RELATED or ESTABLISHED. This was done primarily to lower the load on the firewall machine and also to save me from writing iptables rules for both sides of a connection.

I am not sure how applying the above would affect the setup I just described, or whether it would make things worse. Again, my aim is to be able to configure full logging of particular types of connection via NFCT (from their inception to their closure), depending on the interface and source/destination IP address/subnet, possibly without affecting the above setup too much.

I know how to do that with packets via NFLOG - that is easy enough for me, but I am struggling with NFCT, unfortunately.
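An added example, not code from the thread: a small script that installs the raw-table CT rule discussed above idempotently and can be dry-run offline. It assumes the eth0 interface and 192.168.1.0/24 subnet from the thread as defaults; note that the raw PREROUTING hook has no output interface, so -o is omitted, and flows that do not match keep the default conntrack event mask.

```shell
#!/bin/sh
# Added example (not from the thread). Installs the raw-table CT rule that
# restricts conntrack events for flows arriving on IFACE from SUBNET to
# EVENTS. Interface and subnet are assumed defaults taken from the thread.
set -eu

IFACE="${IFACE:-eth0}"
SUBNET="${SUBNET:-192.168.1.0/24}"
EVENTS="${EVENTS:-new,related,destroy}"
DRY_RUN="${DRY_RUN:-0}"   # set to 1 to print commands instead of running them

# Run a command, or just print it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Rule body shared by -C (check) and -A (append). The raw PREROUTING hook
# runs before conntrack and only knows the input interface, so -o is not
# valid here (iptables rejects it).
ct_rule() {
    printf 'PREROUTING -i %s -s %s -j CT --ctevents %s\n' \
        "$IFACE" "$SUBNET" "$EVENTS"
}

# Append the rule only if it is not already present (iptables -C returns
# non-zero when the rule is absent), so re-running the script is safe.
install_ct_rule() {
    if [ "$DRY_RUN" != "1" ] && iptables -t raw -C $(ct_rule) 2>/dev/null; then
        return 0
    fi
    run iptables -t raw -A $(ct_rule)
}

# Usage: ./ct-events.sh apply   (install the rule)
#        ./ct-events.sh show    (list the raw PREROUTING chain)
case "${1:-}" in
    apply) install_ct_rule ;;
    show)  run iptables -t raw -S PREROUTING ;;
esac
```

Run with DRY_RUN=1 first to see the exact iptables command before touching a live firewall.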