On Wednesday 2010-12-01 15:42, Pascal Hambourg wrote:

> Raviv wrote:
>>
>> I tried to set up a rule for not tracking TCP connections as follows:
>>
>> iptables -t raw -A PREROUTING -p tcp -j NOTRACK
>>
>> but still I can see a lot of TCP connections in /proc/net/nf_conntrack.
>
> If these TCP connections are established by the host, you need to add
> the same rule in the OUTPUT chain too. Also if you have IPv6 traffic you
> need to add the same rules with ip6tables.

And since we're ultramodern, it's actually

    -p tcp -j CT --notrack
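The complete rule set the two replies add up to, as an added example that is not part of the thread: both raw-table chains (PREROUTING for traffic arriving from the network, OUTPUT for connections the host itself originates), for both iptables and ip6tables, using the CT target. It assumes a kernel and iptables with the raw table and xt_CT available (otherwise set NOTRACK_TARGET=NOTRACK for the older target), and the conntrack dump it parses is a constructed sample in /proc/net/nf_conntrack format, not data from the thread.

```shell
#!/bin/sh
# Added example, not code from the netfilter thread above.
# Exempts TCP from connection tracking in both directions and both IP
# families, and counts what is still tracked so the change can be checked.

# "CT --notrack" is the modern target; NOTRACK_TARGET=NOTRACK restores
# the legacy one on kernels without xt_CT.
NOTRACK_TARGET="${NOTRACK_TARGET:-CT --notrack}"

# notrack_tcp_rules RUNNER
#   Emits the four rules through RUNNER. Pass "echo" to preview them,
#   pass "" (empty) to execute them for real (requires root).
notrack_tcp_rules() {
    runner="$1"
    for tool in iptables ip6tables; do
        # PREROUTING: packets arriving on an interface.
        # OUTPUT: packets generated by this host (the case Raviv hit).
        for chain in PREROUTING OUTPUT; do
            $runner "$tool" -t raw -A "$chain" -p tcp -j $NOTRACK_TARGET
        done
    done
}

# count_tracked_tcp < DUMP
#   Counts TCP entries in a conntrack dump read from stdin, e.g.
#   count_tracked_tcp < /proc/net/nf_conntrack
#   Entries that existed before the rules were added stay in the table
#   until they time out; "conntrack -F" (conntrack-tools) flushes them.
count_tracked_tcp() {
    grep -c '^ipv[46] *[0-9]* *tcp ' || true
}

# sample_conntrack_dump
#   Constructed sample in /proc/net/nf_conntrack format (not real data):
#   one IPv4 TCP flow, one IPv4 UDP flow, one IPv6 TCP flow.
sample_conntrack_dump() {
    cat <<'EOF'
ipv4     2 tcp      6 431999 ESTABLISHED src=10.0.0.5 dst=10.0.0.9 sport=48210 dport=22 src=10.0.0.9 dst=10.0.0.5 sport=22 dport=48210 [ASSURED] mark=0 zone=0 use=2
ipv4     2 udp      17 29 src=10.0.0.5 dst=10.0.0.1 sport=53011 dport=53 src=10.0.0.1 dst=10.0.0.5 sport=53 dport=53011 mark=0 zone=0 use=2
ipv6    10 tcp      6 117 TIME_WAIT src=fd00::5 dst=fd00::9 sport=40002 dport=443 src=fd00::9 dst=fd00::5 sport=443 dport=40002 [ASSURED] mark=0 zone=0 use=2
EOF
}

# Usage: "sh notrack.sh" previews the rules; "sh notrack.sh --apply" loads
# them (as root). Then compare count_tracked_tcp < /proc/net/nf_conntrack
# before and after a conntrack -F.
if [ "${1:-}" = "--apply" ]; then
    notrack_tcp_rules ""
else
    notrack_tcp_rules echo
fi
```

Running the preview prints four lines, two per address family; the OUTPUT rules are the ones the original rule lacked, and the ip6tables pair is what keeps IPv6 TCP out of the table.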