Christian Ruppert a écrit : > > On 2015-06-23 23:33, Pascal Hambourg wrote: >> Christian Ruppert a écrit : >>> >>> iptables -t raw -I PREROUTING -p tcp -m tcp --syn -j CT --notrack >> >> This rule disables connection tracking which is required for stateful >> NAT operation. > > Thanks! From what I've seen/read, this rule is required or am I wrong? AFAIK it's not strictly required for SYNPROXY operation. It just saves connection tracking resources. -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
