Re: conntrack GRE behaves differently in 3.17 / 3.18

On 22.01.2015 08:55, Jan Niggemann wrote:
Quoting Pascal Hambourg <pascal@xxxxxxxxxxxxxxx>:
Jan Niggemann wrote:

nf_conntrack_proto_gre    12886  0
nf_conntrack_ipv4      18003  1
nf_defrag_ipv4         12443  1 nf_conntrack_ipv4
xt_conntrack           12601  1
nf_conntrack           57737  3 nf_conntrack_proto_gre,xt_conntrack,nf_conntrack_ipv4
x_tables               18078  5 ip_tables,xt_tcpudp,xt_conntrack,iptable_filter,iptable_mangle

I do not see nf_conntrack_pptp here. It is required so that the first
GRE packet has the RELATED state.
I had forgotten about that one.

OK, so do I get this right:
From kernel 3.18 onwards I have to take care to first load the
extension modules and only then create the pptp vpn connection?

Is there some kind of mechanism to automatically load the extension
modules before initiating the connection and unloading them after the
connection has finished?

Hello,

The way I understand the change is:
you need to add a corresponding iptables rule for the first state NEW packet, which will then load the corresponding conntrack helper automatically. So further packets are classified as ESTABLISHED or RELATED.
There is no mechanism for unloading a module once it has been loaded, afaik.

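A pre-flight check for the situation discussed in this thread, added here as an example and not taken from any of the messages: it reports which of the two conntrack modules named above have no row of their own in `lsmod` output, and can load them before the PPTP connection is started. The function names and the sample listing are constructed for illustration; `ensure_ct_modules` assumes root and a script that runs before the tunnel comes up.

```shell
#!/bin/sh
# Added example, not code from the thread.
# Modules the thread names for tracking PPTP and its GRE data channel.
REQUIRED_CT_MODULES="nf_conntrack_proto_gre nf_conntrack_pptp"

# Read lsmod-format text on stdin; print each required module that has
# no row of its own. Only column 1 is compared, exactly, so a name that
# appears in another module's "Used by" list, or on a wrapped
# continuation line, does not count as loaded.
missing_ct_modules() {
    awk -v want="$REQUIRED_CT_MODULES" '
        BEGIN { n = split(want, req, " ") }
        { loaded[$1] = 1 }
        END {
            for (i = 1; i <= n; i++)
                if (!(req[i] in loaded)) print req[i]
        }'
}

# Load whatever is missing before the tunnel is started (needs root).
# Hypothetical helper: call it from whatever starts the PPTP client.
ensure_ct_modules() {
    for m in $(lsmod | missing_ct_modules); do
        modprobe "$m" || return 1
    done
}

# Constructed sample: a listing like the one quoted in the thread, with
# the "Used by" column wrapped onto its own line as a mail client does.
sample_lsmod() {
    cat <<'EOF'
Module                  Size  Used by
nf_conntrack_proto_gre    12886  0
nf_conntrack_ipv4      18003  1
xt_conntrack           12601  1
nf_conntrack           57737  3
nf_conntrack_proto_gre,xt_conntrack,nf_conntrack_ipv4
EOF
}
```

Running `sample_lsmod | missing_ct_modules` prints the one module absent from the sample listing.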



