Op woensdag 24 september 2014 11:49:02 schreef Pascal Hambourg: > Maarten Vanraes a écrit : > > so, even some kind of odd udp reply will still be the same connection if > > it's within 30seconds? > > Not odd. The reply packet has to match the addresses and ports in the > original packet (with source and destination swapped). > > > so, i can use connmark on not just TCP, but on all protocols? > > Not all protocols, but any protocol implementation which behaves in the > way expected by conntrack. ok, thanks, so, this is why streaming/voip stuff will still have issues... -- BA NV IT & Security -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
