* Excluding IP from connection tracking @ 2009-05-29 10:04 Dennis J. 2009-05-29 10:25 ` Martin Millnert 0 siblings, 1 reply; 3+ messages in thread From: Dennis J. @ 2009-05-29 10:04 UTC (permalink / raw) To: netfilter Hi, Is there a way to exclude destination IPs from connection tracking? Right now if I enable connection tracking in general on our router after about 30 seconds the connection table fills up. 99% of the traffic is hitting a specific IP and I would like to keep the connection tracking itself available for everything else but disable it for that IP only so the connection table stops getting filled up. Regards, Dennis ^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Excluding IP from connection tracking 2009-05-29 10:04 Excluding IP from connection tracking Dennis J. @ 2009-05-29 10:25 ` Martin Millnert 2009-05-29 10:30 ` Pascal Hambourg 0 siblings, 1 reply; 3+ messages in thread From: Martin Millnert @ 2009-05-29 10:25 UTC (permalink / raw) To: Dennis J.; +Cc: netfilter [-- Attachment #1: Type: text/plain, Size: 613 bytes --] On Fri, 2009-05-29 at 12:04 +0200, Dennis J. wrote: > Hi, > Is there a way to exclude destination IPs from connection tracking? Right > now if I enable connection tracking in general on our router after about 30 > seconds the connection table fills up. 99% of the traffic is hitting a > specific IP and I would like to keep the connection tracking itself > available for everything else but disable it for that IP only so the > connection table stops getting filled up. > > Regards, > Dennis > -- Hi Dennis, see -t raw -j NOTRACK. Regards, -- Martin Millnert <millnert@csbnet.se> [-- Attachment #2: This is a digitally signed message part --] [-- Type: application/pgp-signature, Size: 835 bytes --] ^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Excluding IP from connection tracking 2009-05-29 10:25 ` Martin Millnert @ 2009-05-29 10:30 ` Pascal Hambourg 0 siblings, 0 replies; 3+ messages in thread From: Pascal Hambourg @ 2009-05-29 10:30 UTC (permalink / raw) To: netfilter Hello, Martin Millnert a écrit : > > see -t raw -j NOTRACK. And make sure NOTRACK is applied to packets in both directions, i.e with that address as either source or destination. ^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2009-05-29 10:30 UTC | newest] Thread overview: 3+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2009-05-29 10:04 Excluding IP from connection tracking Dennis J. 2009-05-29 10:25 ` Martin Millnert 2009-05-29 10:30 ` Pascal Hambourg
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.