Hello!

Does dropping connections in the RAW table prevent the connections from being tracked? Or maybe you have to send those packets to the NOTRACK target and later drop them in the raw or filter tables...

I usually catch intruders in the filter table by matching destinations that are not allowed, and remember them in ipt_recent lists, in order to drop subsequent packets early in the raw table and save the connection-tracking processing for those IPs. Is that right?

On the RAW table:

    # EARLY DROP
    iptables -t raw -A PREROUTING -i eth0 -m recent --update --seconds 60 --name OUTSIDERS -j DROP
    ...

On the FILTER table:

    # FIRST MATCH
    ...
    # Chain for matching currently allowed network destinations...
    -A ALLOWED_NETWORKS -d <allowed> -j ACCEPT
    ...
    # Drop destinations that are not allowed and remember them for 1 minute
    -A ALLOWED_NETWORKS -m recent --set --name OUTSIDERS -j DROP

I think dropping in the RAW table should prevent packets from being tracked by ct, but I'm not sure.

Any ideas about this?

..Clist

--
-------------------------------------------------
Clister UAH
-------------------------------------------------
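As an added example (not part of the original post), the scheme sketched above written out as a complete iptables-restore ruleset, generated by a shell function. The interface, the allowed destination network, the 60-second timeout and the use of the FORWARD chain are assumptions; the raw-table DROP sits in the PREROUTING hook that runs before conntrack, so dropped packets never get a conntrack entry and no NOTRACK rule is needed for them.

```shell
#!/bin/sh
# Added example: emits the early-drop ruleset in iptables-restore format.
# All interface, network and timeout values are constructed placeholders.
# The raw table's PREROUTING hook (priority -300) runs before conntrack
# (priority -200), so a DROP there never creates a conntrack entry.
build_ruleset() {
    iface="$1"      # ingress interface, e.g. eth0 (assumed)
    allowed="$2"    # permitted destination network (constructed value)
    seconds="$3"    # how long an offender stays in the OUTSIDERS list
    cat <<EOF
*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# EARLY DROP: listed offenders are discarded before connection tracking.
# --update refreshes the entry's timestamp on every hit, so a host that
# keeps knocking stays listed; --rcheck would test without extending it.
-A PREROUTING -i $iface -m recent --update --seconds $seconds --name OUTSIDERS --rsource -j DROP
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:ALLOWED_NETWORKS - [0:0]
# Replies to tracked flows pass; only NEW flows are checked against the list.
-A FORWARD -i $iface -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $iface -m conntrack --ctstate NEW -j ALLOWED_NETWORKS
# Permitted destinations pass; anything else is remembered and dropped.
-A ALLOWED_NETWORKS -d $allowed -j ACCEPT
-A ALLOWED_NETWORKS -m recent --set --name OUTSIDERS --rsource -j DROP
COMMIT
EOF
}

# Returns the line number of the first generated rule matching a pattern,
# useful for checking that the raw-table drop precedes the filter-table set.
rule_line() {
    build_ruleset "$1" "$2" "$3" | grep -n -- "$4" | head -n 1 | cut -d: -f1
}

# Usage (as root):
#   build_ruleset eth0 192.0.2.0/24 60 > /etc/iptables/early-drop.rules
#   iptables-restore < /etc/iptables/early-drop.rules
# The current offender list can be inspected in /proc/net/xt_recent/OUTSIDERS.
```

Counters and list contents can be checked with `iptables -t raw -L PREROUTING -v` and `/proc/net/xt_recent/OUTSIDERS` once the ruleset is loaded.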