On Wednesday 2011-12-28 03:12, Tim Lank wrote: >Netfilter list: > >I have this in my iptables and it seems to work in that it doesn't >track the connections on the eth1 interface. > >*raw >:PREROUTING ACCEPT [1327:114702] >:OUTPUT ACCEPT [2012:272100] >-A PREROUTING -i bond1 -j NOTRACK >-A OUTPUT -o bond1 -j NOTRACK >COMMIT > >However, it never gets to the sshd or httpd service and reply to the client. Is that perhaps because your ruleset implicitly drops these packets, since they are neither NEW nor ESTABLISHED nor RELATED. -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
