From: Alistair Tonner <Alistair@nerdnet.ca>
To: netfilter@lists.netfilter.org
Subject: Re: ip_conntrack_max vs ip_conntrack
Date: Tue, 28 Sep 2004 11:19:35 -0400
Message-ID: <200409281119.36045.Alistair@nerdnet.ca>
In-Reply-To: <1403218a040928074868a3a36@mail.gmail.com>

On September 28, 2004 10:48 am, Mohamed Eldesoky wrote:
> Well, I want to make sure that it remembers only connections that
> pass THROUGH it !!
Are you saying you don't want to track local connections?
This file keeps track of anything that *_conntrack_* would watch.
As far as I know this includes local connections --
If you are accepting any connections locally, they are very likely in this
table.
I've seen at least one discussion about breaking this up into different
files. That gets messy very quickly from a code point of view, as well as
from a logic point of view. I certainly prefer the idea of having one place
to track connections.
Alistair Tonner
>
> On 28 Sep 2004 16:27:53 +0200, Jose Maria Lopez <jkerouac@bgsec.com> wrote:
> > On Tue, 28 Sep 2004 at 09:59, Mohamed Eldesoky wrote:
> > > But still,
> > > The /proc/net/ip_conntrack should contain all connections tracked by
> > > that firewall (ie, passing through the firewall), am I right ??
> >
> > Yes, and it will remember the connections made for a time. It's
> > a list of all the connections the conntrack system has seen, and
> > it's used to check the established and related connections.
> >
> >
> >
> > --
> > Jose Maria Lopez Hernandez
> > Director Tecnico de bgSEC
> > jkerouac@bgsec.com
> > bgSEC Seguridad y Consultoria de Sistemas Informaticos
> > http://www.bgsec.com
> > ESPAÑA
> >
> > The only people for me are the mad ones -- the ones who are mad to live,
> > mad to talk, mad to be saved, desirous of everything at the same time,
> > the ones who never yawn or say a commonplace thing, but burn, burn, burn
> > like fabulous yellow Roman candles.
> > -- Jack Kerouac, "On the Road"
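
Added example, not part of the original thread: since the table holds local as well as forwarded connections, this sketch separates them by reading the original and reply tuples of each /proc/net/ip_conntrack line. The sample lines, LOCAL_ADDRS and the function names are constructed for illustration; the firewall's own addresses are an assumption you would replace.

```python
import re
from collections import Counter

# Assumption: addresses owned by the firewall itself (internal and external).
LOCAL_ADDRS = {"127.0.0.1", "192.168.1.1", "198.51.100.1"}

# Constructed sample lines in the /proc/net/ip_conntrack format (not real data).
SAMPLE = """\
tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=203.0.113.5 sport=1025 dport=80 src=203.0.113.5 dst=198.51.100.1 sport=80 dport=1025 [ASSURED] use=1
tcp      6 431990 ESTABLISHED src=192.168.1.10 dst=192.168.1.1 sport=1030 dport=22 src=192.168.1.1 dst=192.168.1.10 sport=22 dport=1030 [ASSURED] use=1
udp      17 25 src=198.51.100.1 dst=203.0.113.53 sport=32768 dport=53 src=203.0.113.53 dst=198.51.100.1 sport=53 dport=32768 use=1
udp      17 10 src=192.168.1.20 dst=203.0.113.53 sport=4000 dport=53 [UNREPLIED] src=203.0.113.53 dst=198.51.100.1 sport=53 dport=4000 use=1
"""


def classify(line, local_addrs=LOCAL_ADDRS):
    """Return 'local-out', 'local-in' or 'forwarded' for one conntrack line.

    Each line carries two tuples: the original direction, then the expected
    reply. The sender of the original packet is the first src=; the host that
    actually answers (after any DNAT) is the second src=. The reply dst= is
    deliberately ignored: with SNAT/masquerading it is the firewall's own
    address even though the connection was forwarded.
    """
    srcs = [v for k, v in re.findall(r"(\w+)=(\S+)", line) if k == "src"]
    if len(srcs) != 2:
        raise ValueError("expected original and reply tuples: %r" % line)
    orig_src, reply_src = srcs
    if orig_src in local_addrs:
        return "local-out"   # connection opened by the firewall itself
    if reply_src in local_addrs:
        return "local-in"    # connection terminated on the firewall
    return "forwarded"       # both real endpoints are other hosts


def summarize(text, local_addrs=LOCAL_ADDRS):
    """Count entries per class over a whole table dump."""
    return Counter(classify(l, local_addrs)
                   for l in text.splitlines() if l.strip())


if __name__ == "__main__":
    for kind, count in sorted(summarize(SAMPLE).items()):
        print(kind, count)
```
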