Hello,

Raviv wrote:
> I tried to set up a rule for notracking TCP connections as follows:
>
> iptables -t raw -A PREROUTING -p tcp -j NOTRACK
>
> but still I can see a lot of tcp connections in /proc/net/nf_conntrack.

If these TCP connections are established by the host, you need to add the same rule in the OUTPUT chain too. Also, if you have IPv6 traffic, you need to add the same rules with ip6tables.
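An added example, not part of the original message: a way to check which of the cases above explains the TCP entries still listed in /proc/net/nf_conntrack, by mapping each remaining entry to the raw-table rule that would have covered it. The function names, the caller-supplied list of local addresses and the sample lines (documentation address ranges) are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: map TCP entries still present in the conntrack table to the
# raw-table NOTRACK rule that would have covered them.

# Constructed sample in /proc/net/nf_conntrack format (not real traffic).
sample_conntrack() {
    cat <<'EOF'
ipv4     2 tcp      6 431990 ESTABLISHED src=192.0.2.10 dst=198.51.100.7 sport=40112 dport=443 src=198.51.100.7 dst=192.0.2.10 sport=443 dport=40112 [ASSURED] mark=0 use=1
ipv4     2 tcp      6 110 TIME_WAIT src=192.0.2.10 dst=198.51.100.9 sport=40200 dport=80 src=198.51.100.9 dst=192.0.2.10 sport=80 dport=40200 [ASSURED] mark=0 use=1
ipv6     10 tcp      6 431000 ESTABLISHED src=2001:db8::5 dst=2001:db8::1 sport=51000 dport=22 src=2001:db8::1 dst=2001:db8::5 sport=22 dport=51000 [ASSURED] mark=0 use=1
ipv4     2 udp      17 25 src=192.0.2.10 dst=198.51.100.53 sport=5353 dport=53 src=198.51.100.53 dst=192.0.2.10 sport=53 dport=5353 mark=0 use=1
EOF
}

# classify_conntrack "LOCAL_ADDRS" < conntrack-lines
# LOCAL_ADDRS: space-separated addresses owned by this host (assumption:
# the caller supplies them). Prints "<count> <rule>" per uncovered case.
classify_conntrack() {
    awk -v locals="$1" '
    BEGIN {
        n = split(locals, a, " ")
        for (i = 1; i <= n; i++) is_local[a[i]] = 1
    }
    $3 == "tcp" {
        # The first src= field is the original direction of the flow.
        src = ""
        for (i = 1; i <= NF; i++)
            if ($i ~ /^src=/) { src = substr($i, 5); break }
        # Flows opened by the host leave via OUTPUT, all others enter via PREROUTING.
        chain = (src in is_local) ? "OUTPUT" : "PREROUTING"
        # The first column is the address family; IPv6 needs ip6tables.
        tool = ($1 == "ipv6") ? "ip6tables" : "iptables"
        count[tool " -t raw -A " chain " -p tcp -j NOTRACK"]++
    }
    END { for (rule in count) print count[rule], rule }
    ' | LC_ALL=C sort
}

# Run against the constructed sample; 192.0.2.10 and 2001:db8::1 play the host.
sample_conntrack | classify_conntrack "192.0.2.10 2001:db8::1"
```

On a real host, feed the function from /proc/net/nf_conntrack instead of the sample and pass the machine's own addresses as the argument.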