Re: Actually Using Conntrack?

To: debian-user@lists.debian.org
Subject: Re: Actually Using Conntrack?
From: Mart Frauenlob <mart.frauenlob@chello.at>
Date: Sun, 27 Jan 2013 10:07:20 +0100
Message-id: <[🔎] 5104EE48.5050005@chello.at>
Reply-to: mart.frauenlob@chello.at
In-reply-to: <[🔎] 201301261928.22680.d_baron@012.net.il>
References: <[🔎] 201301261928.22680.d_baron@012.net.il>

On 26.01.2013 18:28, David Baron wrote:

I still get that (harmless) string of warnings to use conntrack instead
of the current, obsolete "state match." I have conntract installed. So
how do I use it?


This refers to the match extension 'conntrack' vs 'state' of iptables.
Use it like this: -m conntrack --ctstate [INVALID|ESTABLISHED|NEW|...]

The warnings will go away in future iptables releases, because the statematch will not be dropped, but aliased to use conntrack internally(recent discussion on netfilter mailing lists).


[...]

Reply to:

References:
- Actually Using Conntrack?
  - From: David Baron <d_baron@012.net.il>

Prev by Date: Re: [OT] Language(No programming language ) question
Next by Date: Re: [OT] Language(No programming language ) question
Previous by thread: Actually Using Conntrack?
Next by thread: Help file for sequences@oeis.org
Index(es):
- Date
- Thread