Dear, I've a question whether it is a supported configuration where the connection tracking module is solely used for traffic local to the device. I don't need any tracking on the forwarded traffic, however for local traffic it could increase protection. Forwarded traffic only needs some stateless filtering (drop some specific kinds of traffic I dislike, such as RIP, OSPF, ...). The device is a router for my wireless WLAN and will probably be supplemented by a second system. Connection tracking is not very useful here... The device is a Linksys WRT54G running OpenWRT (Linux 2.4) and iptables 1.3.1. - Joris Dobbelsteen
