Re: Disabling conntrack on an interface


 



On Thu, 2009-07-02 at 17:06 +0100, Terry Burton wrote:
> Thanks, but my issue isn't with firewalling, rather that I'd like this
> traffic to avoid the conntrack table altogether to avoid system load.

Still it's a way to disable conntracking for just one interface, right? 

The raw table is evaluated before the connection tracking code. In fact
being able to do stuff before the connection tracking code is called
is the raison d'être of the raw tables.

I.e. -A PREROUTING -i <MIRROR-INTERFACE> -j NOTRACK

If you want to disable conntracking altogether just unload
the conntracking/iptables modules.

> As soon as I bind the (unaddressed) interface into the bridge the
> packets are conntracked.

Oh yes, sorry, I didn't read your email correctly, you are bridging
packets thru your box so the conntrack code gets to see them. Don't
know if the above will still work under these circumstances, just
try it out.
     
   Thomas
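
Added example, not part of the original mail: a check that the raw-table rule suggested above is actually loaded for a given interface, run against iptables-save output. The function name has_notrack_rule, the interface names and the sample ruleset are constructed for illustration; on a live host the input would come from `iptables-save -t raw`.

```shell
# Added example. The ruleset below is constructed sample data.

# has_notrack_rule IFACE: reads iptables-save text on stdin and exits 0 if the
# raw table's PREROUTING chain has a NOTRACK (or CT --notrack) rule for IFACE.
# Rules with extra matches (-p, -s, ...) also count, although they exempt only
# part of the traffic arriving on that interface.
has_notrack_rule() {
    awk -v ifc="$1" '
        /^\*/ { table = substr($0, 2) }          # table header: *raw, *filter
        table != "raw" || $1 != "-A" || $2 != "PREROUTING" { next }
        {
            in_if = ""; target = ""; notrack = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-i" && $(i - 1) != "!") in_if = $(i + 1)
                if ($i == "-j") target = $(i + 1)
                if ($i == "--notrack") notrack = 1
            }
            if (in_if ~ /\+$/) {                 # trailing + is a prefix wildcard
                prefix = substr(in_if, 1, length(in_if) - 1)
                hit = (index(ifc, prefix) == 1)
            } else {
                hit = (in_if == ifc)
            }
            if (hit && (target == "NOTRACK" || (target == "CT" && notrack)))
                found = 1
        }
        END { exit(found ? 0 : 1) }
    '
}

# Constructed iptables-save output: eth2 and tap+ are exempted in the raw
# table; eth3 appears only in the filter table, which runs after conntrack.
sample_ruleset() {
cat <<'EOF'
*raw
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth2 -j NOTRACK
-A PREROUTING -i tap+ -j CT --notrack
COMMIT
*filter
:INPUT ACCEPT [0:0]
-A INPUT -i eth3 -j ACCEPT
COMMIT
EOF
}
```
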

