Quoting Antony Stone <Antony@xxxxxxxxxxxxxxxxxxxx>:

> > Looks to me once I loaded the conn_track modules, everything was
> > tracked.
>
> Correct.
>
> > Is there a way I can specify, for example, that I only want http to be
> > tracked? All other traffic will be dropped anyway, tracked or not.
>
> If it's going to be dropped, there won't be a connection, therefore the other
> traffic won't consume any connection tracking resources.

I believe the connection tracking is useful for the FORWARD filter, however, for the INPUT filter, it's the job of Linux TCP/UDP to take care of those things. Keeping another set of stat below the IP layer does not make sense to me. The upper layer protocol has a better knowledge of the connection state than the conn_track anyway.

> Regards,
>
> Antony.
>
> --
> How I want a drink, alcoholic of course, after the heavy chapters involving
> quantum mechanics.
>
>  - 3.14159265358979
>
> Please reply to the list;
> please don't CC me.