I'd really like to have some way to bypass ip_conntrack for some
packets. Basically I need to run very intensive port scanning through my
firewall, and as soon as ip_conntrack is loaded it dies within seconds from
SYN flood. Increasing the limit doesn't work because I need about 127000
packets to be sent from different source ports. So far I just keep
conntrack unloaded and the firewall works fine as a pure stateless filter. But
now I need stateful inspection on this machine for some IPs. So the
question: is it possible to avoid connection tracking for some specific
IPs?
Thanks!
Andrey
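An added example, not part of the original message: the standard way to keep specific hosts out of the conntrack table is the `raw` table, which netfilter traverses before connection tracking runs; `-j CT --notrack` (older kernels: `-j NOTRACK`) marks a packet so it is never tracked. The address `192.0.2.10` is a constructed placeholder, and `IPT` defaults to `echo` so the script prints the rules instead of applying them; set `IPT=iptables` to apply them.

```shell
#!/bin/sh
# Added example (not the original poster's configuration): exempt one host's
# traffic from connection tracking so it cannot fill the conntrack table.
# IPT defaults to echo (dry run); set IPT=iptables to actually load the rules.
IPT="${IPT:-echo}"

untrack_host() {
    host="$1"
    # The raw table is hit before conntrack; CT --notrack makes conntrack
    # ignore the packet entirely (no table entry, no state, no NAT).
    $IPT -t raw -A PREROUTING -s "$host" -j CT --notrack
    $IPT -t raw -A PREROUTING -d "$host" -j CT --notrack
    $IPT -t raw -A OUTPUT     -d "$host" -j CT --notrack
    # Untracked packets never match -m conntrack --ctstate rules, so they must
    # be accepted (or filtered) statelessly; the rest of the ruleset keeps
    # stateful inspection for every other address.
    $IPT -A FORWARD -s "$host" -j ACCEPT
    $IPT -A FORWARD -d "$host" -j ACCEPT
}

# Usage: ./untrack.sh 192.0.2.10   (constructed example address)
untrack_host "${1:-192.0.2.10}"
```

Note that exempting a host this way also disables NAT for its traffic, since NAT is built on conntrack; the untracked host needs routable addresses on both sides. The size and timeout of the table for everything else can still be tuned via `/proc/sys/net/netfilter/nf_conntrack_max`, but only the raw-table bypass stops the tracked entries from being created at all.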