Hi,
For a while now I have excluded two IPs on my firewall from connection tracking,
which works very well. Now I tried adding another IP, but that doesn't seem
to work. I added the following rules:

    iptables -t raw -A PREROUTING -s 192.168.10.10 -j NOTRACK
    iptables -t raw -A PREROUTING -d 192.168.10.10 -j NOTRACK

Yet when I look in /proc/net/ip_conntrack I still see 192.168.10.10 using
up most of the entries.
Is there something else that needs to be done to exclude this IP completely
from the connection tracking table?
Regards,
Dennis