Hello, I'm working on a cluster of two bridge firewalls. In many documents that talks about redundant firewalls (that you can find googling around) you read that it is necessary to enable the option nf_ct_tcp_be_liberal in the netfilter module to allow a better handling of the connections takeover between the two nodes of the cluster. Sure this statement is true for firewall with routing functions but is also true for firewall with totally transparent bridges (without an IP)? Thank you in advance. -- Michele Codutti Centro Servizi Informatici e Telematici (CSIT) Universita' degli Studi di Udine via Delle Scienze, 208 - 33100 UDINE tel +39 0432 558928 fax +39 0432 558911 e-mail: michele.codutti at uniud.it -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html