Re: Filtering in PREROUTING


 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, 17 Jan 2007, Grant Taylor wrote:

	[SNIP]



Sometimes there are reasons to do nonstandard things for very special reasons, usually very stringent performance reasons. If you are wanting to filter in the mangle table to prevent the connection tracking system from seeing traffic (if even that will do so), you should consider the raw table, which is used specifically to tell the kernel not to track specific packets. Oh, by the way, the raw table only has PREROUTING and OUTPUT chains.



Or, how about a shorter reply with a tiny bit of common sense; filter implies separation, thus the common sense place to "filter traffic" would be in the filter tables, yes?

Thanks,

Ron DuFresne
- -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A  E838 B2DF AFCC 94B0 6629

...We waste time looking for the perfect lover
instead of creating the perfect love.

                -Tom Robbins <Still Life With Woodpecker>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFFsP8jst+vzJSwZikRAgATAKDLabkeh7wtKs8mYSNMzG8VrOQThgCeO9j0
76Nn0QW2R+X0mNYAHxPgTEw=
=QqWZ
-----END PGP SIGNATURE-----
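
The two points made in the message above (conntrack exemption belongs in the raw table, which has only PREROUTING and OUTPUT; dropping belongs in the filter table) can be checked mechanically against a saved ruleset. The following is an added example, not part of the original post: the `audit` function, the finding codes and the sample dump are constructed for illustration, and it assumes input in `iptables-save` format.

```python
import shlex

# Constructed iptables-save dump (not from the original post).
SAMPLE = """\
*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p udp --dport 53 -j NOTRACK
-A OUTPUT -p udp --sport 53 -j NOTRACK
COMMIT
*mangle
:PREROUTING ACCEPT [0:0]
-A PREROUTING -s 192.0.2.0/24 -j DROP
COMMIT
*filter
:INPUT DROP [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p udp --dport 53 -j ACCEPT
COMMIT
"""

BUILTIN = {"PREROUTING", "INPUT", "FORWARD", "OUTPUT", "POSTROUTING"}
RAW_CHAINS = {"PREROUTING", "OUTPUT"}  # the only built-in chains in raw
VERDICTS = {"DROP", "REJECT"}

def audit(dump):
    """Return (line_no, table, code) findings for an iptables-save dump."""
    findings, table = [], None
    for n, line in enumerate(dump.splitlines(), 1):
        line = line.strip()
        if line.startswith("*"):  # "*raw", "*filter", ... opens a table
            table = line[1:]
            continue
        if not line.startswith("-A "):
            continue  # chain declarations, COMMIT, comments
        tok = shlex.split(line)
        chain = tok[1]
        target = tok[tok.index("-j") + 1] if "-j" in tok else None
        if table == "raw":
            if chain in BUILTIN - RAW_CHAINS:
                findings.append((n, table, "chain-not-in-raw"))
            if target == "NOTRACK" or (target == "CT" and "--notrack" in tok):
                findings.append((n, table, "untracked"))
        if table != "filter" and target in VERDICTS:
            findings.append((n, table, "verdict-outside-filter"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```

Packets exempted with NOTRACK carry the conntrack state UNTRACKED, so the `ESTABLISHED,RELATED` rule in the sample never matches them; the explicit port 53 rule in the filter table is what admits that traffic.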

