Michael McCallister wrote:
Hello,
First, a warning - I am a newbie to netfilter, so I may ask some stupid
questions here. I believe the connbytes patch offers exactly what I am
looking for - granted it is listed as experimental, but I am willing to
test it out since it offers the functionality I think I need - mainly
deprioritizing bulk transfers. I am concerned because it appears it was
dropped from the main linux kernel, the last kernel I found with it was
linux-2.6.15.7. Also, it is not in pom-ng - at least I could not find
it in pom snapshots or cvs
(http://svn.netfilter.org/cgi-bin/viewcvs.cgi/trunk/patch-o-matic-ng/).
So I get the impression there may be plans to get rid of the connbytes
patch. The latest iptables still does checks for it though "[ -f
$KERNEL_DIR/net/ipv4/netfilter/ipt_connbytes.c ] && echo connbytes".
Was there a decision that it was not suitable anymore and it is being
eliminated in favor of another approach? If so, any advice as to the
new approach is greatly appreciated. Also, if it was dropped from the
kernel/pom because it was highly unstable and caused system crashes -
that would be great information too :-)
Thanks for any help - my apologies if I missed something obvious.
Michael
Still there, new name - the whole netfilter config has changed since I
last did one.
[andy@amd ~]$ grep -i connbytes /boot/config-2.6.16.11
CONFIG_NETFILTER_XT_MATCH_CONNBYTES=m
Andy.