Hello,
I am currently setting up an IPS and would like to do so in-line using
NFQ. Example:
add table bridge ips
# forward chain in the bridge family, default drop
add chain bridge ips brfwd { type filter hook forward priority 0; policy drop; }
# hand every forwarded frame to the userspace IPS on queue 0
add rule bridge ips brfwd counter queue num 0
Connection tracking with support for 'ct mark' would allow for
bypassing the IPS early.
I have seen that work is under way. Can any estimates be made as to when
CT might officially land in the kernel?
What steps would need to be taken, or what state would need to be reached, for this
to happen?
Are there instructions on how to build a kernel with the preliminary
patches applied?
Kind regards
M. Schröder
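As an added illustration of the bypass the post is asking for (this is not code from the post or from the netfilter project): a ruleset in which a `ct mark` check sits in front of the queue rule, so frames of flows the IPS has already verdicted are accepted in-kernel and only unknown traffic is queued. It assumes a kernel where the bridge family has conntrack support (the feature the post says is still pending), that the userspace IPS sets the conntrack mark to the chosen value when it is done with a flow, and it picks the table name, chain name, queue number and mark value itself.

```shell
#!/bin/sh
# Added example, not from the original post. Assumptions: bridge-family
# conntrack is available in the running kernel; the IPS bound to the queue
# sets the ct mark to IPS_MARK_BYPASS on flows it has finished inspecting.
# Table/chain names, the queue number and the mark value are chosen here.
set -eu

IPS_QUEUE=0
IPS_MARK_BYPASS=0x1

# Emit the ruleset. Rule order matters: the ct mark check comes first so
# already-verdicted flows never reach the queue rule.
ips_ruleset() {
    cat <<EOF
add table bridge ips
flush table bridge ips
table bridge ips {
    chain brfwd {
        type filter hook forward priority 0; policy drop;

        # flow already verdicted by the IPS: accept without queueing
        ct mark ${IPS_MARK_BYPASS} counter accept

        # everything else goes to userspace; 'bypass' accepts packets when
        # nothing is bound to the queue (remove it for fail-closed behaviour)
        counter queue num ${IPS_QUEUE} bypass
    }
}
EOF
}

# Line number of the first rule line matching a pattern (for order checks).
rule_line() {
    ips_ruleset | grep -n -- "$1" | head -n1 | cut -d: -f1
}

# Syntax-check the ruleset without loading it. Returns 2 when nft is not
# installed, otherwise nft's own exit status.
ips_check() {
    command -v nft >/dev/null 2>&1 || return 2
    ips_ruleset | nft -c -f -
}

# Load the ruleset (requires root and a kernel with bridge conntrack).
ips_load() {
    ips_ruleset | nft -f -
}

if [ "${1:-}" = "load" ]; then
    ips_load
fi
```

Run it with `load` as root to install the rules, or call `ips_check` on a host with `nft` to validate the syntax first. The `bypass` flag is the practitioner's choice between fail-open and fail-closed: with it, traffic flows when the IPS process is down; without it, the chain's `policy drop` applies to every unqueued frame.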