Hello,

Marcel Laverdet wrote:
>
> For some reason I can't seem to get the NOTRACK iptables rule to do
> anything at all. Can anyone make sense of the following session which I
> think describes the problem better than words could. The session below was
> carried out on a reasonably busy server, and I didn't waste much time in
> between each command.
[...]
> fantasma marcel # iptables -t raw -A PREROUTING -i lo -j NOTRACK

I guess the raw/PREROUTING chain is too late for local traffic. Locally generated packets are processed by conntrack in the NF_IP_LOCAL_OUT hook unless the NOTRACK target was used in the raw/OUTPUT chain. Try this instead:

    iptables -t raw -A OUTPUT -o lo -j NOTRACK
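Added example, not part of the original message or of the netfilter project: a small lint for `iptables-save` output that flags the situation described in the reply, a loopback NOTRACK rule in raw/PREROUTING with no matching rule in raw/OUTPUT. The function names and the sample ruleset are constructed for illustration; it also accepts the `-j CT --notrack` spelling.

```shell
#!/bin/sh
# Constructed sample input (not the original poster's ruleset).
sample_ruleset() {
cat <<'EOF'
*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i lo -j NOTRACK
-A PREROUTING -i eth0 -p udp --dport 53 -j NOTRACK
COMMIT
EOF
}

# check_lo_notrack (hypothetical helper): reads iptables-save text on stdin.
# Prints one line per loopback NOTRACK rule placed in raw/PREROUTING when no
# raw/OUTPUT rule untracks "-o lo"; returns 1 if anything was reported.
check_lo_notrack() {
  awk '
    /^\*/ { table = substr($0, 2) }            # "*raw", "*filter", ...
    table != "raw" || $1 != "-A" { next }      # only rules of the raw table
    {
      chain = $2; in_lo = out_lo = notrack = 0
      for (i = 3; i <= NF; i++) {
        if ($i == "-i" && $(i+1) == "lo") in_lo = 1
        if ($i == "-o" && $(i+1) == "lo") out_lo = 1
        if ($i == "-j" && $(i+1) == "NOTRACK") notrack = 1
        if ($i == "--notrack") notrack = 1     # -j CT --notrack form
      }
      if (!notrack) next
      if (chain == "PREROUTING" && in_lo) pre[++n] = $0
      if (chain == "OUTPUT" && out_lo) covered = 1
    }
    END {
      # Locally generated packets meet conntrack at the LOCAL_OUT hook first,
      # so only a raw/OUTPUT rule can keep them untracked.
      if (covered) exit 0
      for (i = 1; i <= n; i++)
        print "raw/PREROUTING is too late for local traffic: " pre[i]
      exit (n > 0)
    }
  '
}

# Stand-alone run on the constructed sample.
sample_ruleset | check_lo_notrack || true
```

On a live host the input would come from `iptables-save -t raw | check_lo_notrack`.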