[ Please use the netfilter not netfilter-devel list for this sort of question ]

On Thu, 2012-05-03 at 14:25 +0530, rahul shrivastava wrote:
> I am using iptables for nat
> kernel version is 2.6.35+
> working on powerpc target
>
> case 1) traffic is already flowing and we apply a rule, that rule will
> become effective only when we stop traffic and start again.
>
> case 2) traffic is already flowing and we delete a rule, this rule
> will still be effective unless we stop and start traffic again.
>
> observation: /proc/net/ip_conntrack file is updated only after stopping
> and starting traffic again.

Depending on what you are doing, this shouldn't happen.

How are you applying the rules? Directly with iptables commands? If so,
what are the commands?

For some rules, such as port redirection, I have found that the
conntrack cache needs to be cleared.

Andy
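The behaviour Andy describes comes from NAT being decided once per connection: entries that already exist in the conntrack table keep the NAT decision made when they were created, so a rule added or deleted afterwards only affects flows that start later. As an added example (not from the thread), this script scans a constructed /proc/net/ip_conntrack snapshot and prints the conntrack-tools commands that would delete only the entries for a given protocol and destination port, so those flows are re-evaluated against the current rules without flushing the whole table; the sample table, function names and the legacy line format are assumptions.

```shell
#!/bin/sh
# Added example, not code from the original thread. Finds the conntrack
# entries that a NAT rule change will NOT touch (created before the change)
# and prints "conntrack -D" commands for just those flows.
# Assumes the legacy /proc/net/ip_conntrack line layout of 2.6.x kernels and
# the conntrack-tools CLI. SAMPLE_TABLE is constructed data; on a live host
# read /proc/net/ip_conntrack (or /proc/net/nf_conntrack) instead.

SAMPLE_TABLE='tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=10.0.0.5 sport=40112 dport=80 packets=12 bytes=1800 src=10.0.0.5 dst=192.168.1.10 sport=80 dport=40112 packets=10 bytes=2400 [ASSURED] mark=0 use=1
udp      17 29 src=192.168.1.11 dst=8.8.8.8 sport=5353 dport=53 packets=1 bytes=60 src=8.8.8.8 dst=192.168.1.11 sport=53 dport=5353 packets=1 bytes=90 mark=0 use=1
tcp      6 120 TIME_WAIT src=192.168.1.12 dst=10.0.0.5 sport=40113 dport=443 packets=3 bytes=300 src=10.0.0.5 dst=192.168.1.12 sport=443 dport=40113 packets=2 bytes=200 mark=0 use=1
tcp      6 431000 ESTABLISHED src=192.168.1.13 dst=10.0.0.5 sport=40114 dport=80 packets=5 bytes=500 src=10.0.0.5 dst=192.168.1.13 sport=80 dport=40114 packets=4 bytes=400 [ASSURED] mark=0 use=1'

# stale_flow_delete_cmds PROTO DPORT   (reads conntrack lines on stdin)
# Matches on the ORIGINAL-direction tuple (the first src=/dst=/sport=/dport=
# group), which is the tuple a PREROUTING DNAT/REDIRECT rule is keyed on.
stale_flow_delete_cmds() {
    awk -v proto="$1" -v dport="$2" '
        $1 != proto { next }
        {
            src = dst = sport = dp = ""
            for (i = 2; i <= NF; i++) {
                split($i, kv, "=")
                if (kv[1] == "src"   && src   == "") src   = kv[2]
                if (kv[1] == "dst"   && dst   == "") dst   = kv[2]
                if (kv[1] == "sport" && sport == "") sport = kv[2]
                if (kv[1] == "dport" && dp    == "") dp    = kv[2]
            }
            if (dp == dport)
                printf "conntrack -D -p %s --orig-src %s --orig-dst %s --orig-port-src %s --orig-port-dst %s\n",
                       proto, src, dst, sport, dp
        }'
}

# Number of flows in SAMPLE_TABLE still carrying the pre-change NAT decision.
stale_flow_count() {
    printf '%s\n' "$SAMPLE_TABLE" | stale_flow_delete_cmds "$1" "$2" | wc -l | tr -d ' '
}

# Dry run: print the commands rather than executing them (executing needs root).
printf '%s\n' "$SAMPLE_TABLE" | stale_flow_delete_cmds tcp 80
```

Piping the output through `sh` would apply the deletions; `conntrack -F` is the blunt alternative that drops every entry, which also resets unrelated established connections.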