>> > > Yeah, connection tracking automagically implies state inspection.
>> >
>> > OK. Thanks for the informative comments but can you lay out the
>> > steps to prevent stateful inspection? For example, how to unload
>> > "ip_conntrack" and to prevent it from being reloaded again?
>> >
>> Personally, I would re-compile the kernel without connection tracking
>> support.
> OK. If you recompile without conntrack, can you do NAT? I'm just wondering?

No, Netfilter's NAT relies upon the conntrack.

Can I ask why you want to turn off the conntrack? If it's for
speed or memory reasons, then using NAT will have a similar overhead
(maybe not exactly the same, but similar) anyway. When you NAT a
connection, you're forced to keep track of the connection one way or
another, to NAT further packets of the connection the same way.

--
Gael Le Mignot "Kilobug" - kilobug@xxxxxxxxx - http://kilobug.free.fr
GSM : 06.71.47.18.22 (in France) ICQ UIN : 7299959
Fingerprint : 1F2C 9804 7505 79DF 95E6 7323 B66B F67B 7103 C5DA
Member of HurdFr: http://hurdfr.org - The GNU Hurd: http://hurd.gnu.org
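The point made in the reply above, as an added example that is not part of the original message and is not Netfilter code: a toy source-NAT gateway in Python showing that a reply can only be translated back if the gateway remembered the outbound flow. The class, the sequential port allocation and all addresses are constructed assumptions for illustration.

```python
"""Toy source-NAT gateway (illustrative model, not Netfilter's implementation)."""
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int

PUBLIC_IP = "203.0.113.1"  # constructed address (documentation range)

class SourceNat:
    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port  # assumption: ports handed out sequentially
        self.by_flow = {}   # (src, sport, dst, dport) -> public port
        self.by_reply = {}  # (remote ip, remote port, public port) -> inside host

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite the source; later packets of a flow reuse its mapping."""
        port = self.by_flow.get(tuple(pkt))
        if port is None:
            port = self.next_port
            self.next_port += 1
            self.by_flow[tuple(pkt)] = port
            self.by_reply[(pkt.dst, pkt.dport, port)] = (pkt.src, pkt.sport)
        return Packet(self.public_ip, port, pkt.dst, pkt.dport)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Reverse-translate a reply; without a tracked flow there is no answer."""
        inside = self.by_reply.get((pkt.src, pkt.sport, pkt.dport))
        if inside is None:
            return None  # no state: the gateway cannot tell which host this is for
        return pkt._replace(dst=inside[0], dport=inside[1])

def demo():
    nat = SourceNat(PUBLIC_IP)
    # Two inside hosts use the same source port towards the same server.
    a = nat.outbound(Packet("192.168.0.10", 5000, "198.51.100.7", 80))
    b = nat.outbound(Packet("192.168.0.11", 5000, "198.51.100.7", 80))
    a_again = nat.outbound(Packet("192.168.0.10", 5000, "198.51.100.7", 80))
    reply_b = nat.inbound(Packet("198.51.100.7", 80, PUBLIC_IP, b.sport))
    stray = nat.inbound(Packet("198.51.100.7", 80, PUBLIC_IP, 45000))
    return a, b, a_again, reply_b, stray

if __name__ == "__main__":
    for result in demo():
        print(result)
```

The two dictionaries are the per-connection state; their memory and lookup cost is the overhead the reply says NAT incurs whether or not the state is also used for filtering.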