Re: trying to document/understand the iptables kernel config options


 



On Monday 07 April 2003 04:19 pm, Robert P. J. Day wrote:

[snipped humiliating reminder of my oversight :^)]

>   so now, the first question or two.  first, even after you
> select "IP tables support", you can deselect *everything*
> inside that menu.  if you do that, is there *anything* you
> can do in terms of netfiltering?  i mean, does that single
> selectable "IP tables support" option have any functionality
> all by itself?

Yes.  If you select "IP tables support" but no further options within 
that set, you can still perform filtering.  For example, you could still 
ACCEPT or DROP based on source or destination IP.

>   second, i notice that even if you deselect "IP tables
> support", you can still independently select the option
> "Connection tracking (required for masq/NAT)" above it.
> without IP tables support, what is the value/function of
> the Connection tracking option?  what can you still do
> with it?

I presume that netfilter would still track connections, and that 
information would still be available through /proc/net/ip_conntrack 
however.  Useful for accounting or logging from userspace perhaps.  I'm 
not aware of any useful purpose it would serve.  Anyone else?

>   more questions to come.
>
> rday

j
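
The userspace accounting idea mentioned in the reply above, as an added example (not part of the original message or of the netfilter project): a parser for `/proc/net/ip_conntrack` entries that counts tracked flows per source and lists flows that never saw a reply. The sample entries are constructed and assume the 2.4-era line layout; `parse_line` and `summarize` are hypothetical names.

```python
import re
from collections import Counter

# Constructed sample in the 2.4-era /proc/net/ip_conntrack layout (assumed);
# all addresses come from the documentation ranges.
SAMPLE = """\
tcp      6 431999 ESTABLISHED src=192.0.2.10 dst=198.51.100.5 sport=34567 dport=22 src=198.51.100.5 dst=192.0.2.10 sport=22 dport=34567 [ASSURED] use=1
tcp      6 110 SYN_SENT src=192.0.2.11 dst=198.51.100.5 sport=40001 dport=80 [UNREPLIED] src=198.51.100.5 dst=192.0.2.11 sport=80 dport=40001 use=1
udp      17 25 src=192.0.2.10 dst=198.51.100.53 sport=1025 dport=53 src=198.51.100.53 dst=192.0.2.10 sport=53 dport=1025 use=1
icmp     1 29 src=192.0.2.10 dst=198.51.100.5 type=8 code=0 id=512 [UNREPLIED] src=198.51.100.5 dst=192.0.2.10 type=0 code=0 id=512 use=1
"""

KV = re.compile(r"(\w+)=(\S+)")
FLAG = re.compile(r"\[(\w+)\]")

def parse_line(line):
    """Parse one conntrack entry; return None for blank or malformed lines."""
    fields = line.split()
    if len(fields) < 4 or not fields[1].isdigit() or not fields[2].isdigit():
        return None
    entry = {"proto": fields[0], "protonum": int(fields[1]),
             "timeout": int(fields[2]), "state": None,
             "flags": FLAG.findall(line), "orig": {}, "reply": {}}
    # Only some protocols (TCP here) print a state name before the first tuple.
    if "=" not in fields[3] and not fields[3].startswith("["):
        entry["state"] = fields[3]
    # Tuple keys repeat: the first occurrence is the original direction,
    # the second is the expected reply direction.
    for key, value in KV.findall(line):
        if key == "use":
            continue
        side = "orig" if key not in entry["orig"] else "reply"
        entry[side][key] = value
    return entry if "src" in entry["orig"] else None

def summarize(text):
    """Count tracked flows per original source and list unreplied flows."""
    per_src, unreplied = Counter(), []
    for line in text.splitlines():
        e = parse_line(line)
        if e is None:
            continue
        per_src[e["orig"]["src"]] += 1
        if "UNREPLIED" in e["flags"]:
            unreplied.append((e["proto"], e["orig"]["src"], e["orig"]["dst"]))
    return per_src, unreplied
```

On a kernel that exposes the file, `summarize(open("/proc/net/ip_conntrack").read())` runs the same accounting over the live table.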



