Is there currently a way for iptables to force
another packet stream conntrack entry to be RELATED without having to
look inside of the packet data?
For example: If a 10.0.0.2 client behind an
iptables firewall were to send an ICMP echo to 10.20.30.1, could a rule be set
up so that after the firewall sees this packet, all UDP packets sent to
dport=45678 would be DNATed to 10.0.0.2?
The designated RELATED stream would in general then
be just like any other conntrack entry.
My guess is that this would require a generic
force-related module.