I noticed that ctnetlink_change_conntrack has a stanza that looks like the following:

	/* only allow NAT changes and master assignation for new conntracks */
	if (cda[CTA_NAT_SRC] || cda[CTA_NAT_DST] || cda[CTA_TUPLE_MASTER])
		return -EOPNOTSUPP;

This prevents me from changing the NAT entry for a given connection, even if it's in time_wait. Why is this the case?

An alternative for my use case would be the ability to send a command to destroy and create a new entry. Is there a mechanism to do this without having to monitor the conntrack events, and change my behaviour depending on whether or not I find a colliding entry?