> But you do not have to enable TRACE for all your sessions, only > the informations you are looking for. Hi, Yes, that's true, TRACE does not have to be enabled for all sessions. But with TRACE I rely on real traffic and there is some interaction necessary to create such traffic (if multiple parties are involved). The idea I have is a bit the same as with routing. If I want to know where a packet is routed to, then I use 'ip route get <dst_ip>' and can even add other information such as incoming interface, source IP address, FWMARK, etc. to consider my routing policy. I don't wait or look for traffic that matches my requirements and check with tcpdump where it is routed to - I ask the system for the action based on my input. It would be great to have a similar mechanism with iptables. Best regards Stefan Keller -- stefan keller product manager open systems ag raeffelstrasse 29 ch-8045 zurich t: +41 44 455 74 00 f: +44 44 455 74 01 stefan.keller@xxxxxxx http://www.open.ch -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
