On 5/15/2015 5:39 PM, Tom Eastep wrote:
> On 5/15/2015 5:27 PM, Tom Eastep wrote:
>> On 5/15/2015 4:13 PM, Tom Eastep wrote:
>>> On 5/15/2015 12:26 PM, Justin Pryzby wrote:
>>>> I'm using conntrackd; and wondered if shorewall-conntrack syntax allows
>>>> limiting conntrack to only "assured,destroyed" events as described here:
>>>> http://conntrack-tools.netfilter.org/manual.html#sync-iptables-filtering
>>>>
>>>> The intent is to reduce CPU use.
>>>>
>>>> I see that's possible using CT:helper:..(...), but doesn't seem to be
>>>> possible without "helper". Am I wrong?
>>>>
>>>
>>> You are correct.
>>>
>>
>> But if your Shorewall version is recent enough, you can always:
>>
>> IPTABLES(CT --ctevents assured,destroy)
>>
>
> Or, if you only want the rule in the PREROUTING chain:
>
> IPTABLES(CT --ctevents assured,destroy):P
>

Please see the 4.6.10 Beta 1 release notes -- I've added direct support
for generating the desired rule.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
