On Friday 12 December 2003 10:53 pm, Kishore Dharmavaram wrote:
> Hello Jan & All,
>
> Yes I want to do that for UDP & ICMP, can you tellme how to remove stateful
> inspection(connection tracking) for just ICMP and UDP protocols without
> removing NAT on ICMP and UDP packets.
NAT can be done on whichever protocols you do, or do not, want; however
connection tracking is either on or off, for the entire machine.
IPtables (netfilter) supports stateful inspection; IPchains does not.
However, if you use the connection tracking facilities, then all connections
going through netfilter will be tracked.
You can't turn it on or off for particular types of packets - it's either on
or off - that's it.
Antony.
--
"Reports that say that something hasn't happened are always interesting to me,
because as we know, there are known knowns; there are things we know we know.
We also know there are known unknowns; that is to say we know there are some
things we do not know. But there are also unknown unknowns - the ones we
don't know we don't know."
- Donald Rumsfeld, US Secretary of Defence
Please reply to the list;
please don't CC me.
