All of lore.kernel.org
 help / color / mirror / Atom feed
* Excluding IP from connection tracking
@ 2009-05-29 10:04 Dennis J.
  2009-05-29 10:25 ` Martin Millnert
  0 siblings, 1 reply; 3+ messages in thread
From: Dennis J. @ 2009-05-29 10:04 UTC (permalink / raw)
  To: netfilter

Hi,
Is there a way to exclude destination IPs from connection tracking? Right 
now if I enable connection tracking in general on our router after about 30 
seconds the connection table fills up. 99% of the traffic is hitting a 
specific IP and I would like to keep the connection tracking itself 
available for everything else but disable it for that IP only so the 
connection table stops getting filled up.

Regards,
   Dennis

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: Excluding IP from connection tracking
  2009-05-29 10:04 Excluding IP from connection tracking Dennis J.
@ 2009-05-29 10:25 ` Martin Millnert
  2009-05-29 10:30   ` Pascal Hambourg
  0 siblings, 1 reply; 3+ messages in thread
From: Martin Millnert @ 2009-05-29 10:25 UTC (permalink / raw)
  To: Dennis J.; +Cc: netfilter

[-- Attachment #1: Type: text/plain, Size: 613 bytes --]

On Fri, 2009-05-29 at 12:04 +0200, Dennis J. wrote:
> Hi,
> Is there a way to exclude destination IPs from connection tracking? Right 
> now if I enable connection tracking in general on our router after about 30 
> seconds the connection table fills up. 99% of the traffic is hitting a 
> specific IP and I would like to keep the connection tracking itself 
> available for everything else but disable it for that IP only so the 
> connection table stops getting filled up.
> 
> Regards,
>    Dennis
> --

Hi Dennis,

see -t raw -j NOTRACK.

Regards,
-- 
Martin Millnert <millnert@csbnet.se>

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 835 bytes --]

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: Excluding IP from connection tracking
  2009-05-29 10:25 ` Martin Millnert
@ 2009-05-29 10:30   ` Pascal Hambourg
  0 siblings, 0 replies; 3+ messages in thread
From: Pascal Hambourg @ 2009-05-29 10:30 UTC (permalink / raw)
  To: netfilter

Hello,

Martin Millnert a écrit :
> 
> see -t raw -j NOTRACK.

And make sure NOTRACK is applied to packets in both directions, i.e with 
that address as either source or destination.

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2009-05-29 10:30 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2009-05-29 10:04 Excluding IP from connection tracking Dennis J.
2009-05-29 10:25 ` Martin Millnert
2009-05-29 10:30   ` Pascal Hambourg

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.