Hello ! I try to use conntrack to create a small security solution on my firewall, because it knows, whats passing cross-wall. I am using this statetment to run: "conntrack -E -e new -o id,timestamp,ktimestamp,extended" and I get results. But this is not what I am looking for, because the data doe NOT contain any packet information (as they are visible, if one uses "Conntrack -L"). I need something which show from the first moment on, if data will be transferred. Even including the "update" event does not change this. Regard a UDP packet, which just comes onece. You' have to wait until the destroy event tells you, how many data were transferred - but this is definitively too much too late. Because - from my small insights - conntrack is the only tool which knows these cross-wall connections, which option do I have? Thanks anyway, Manfred -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
