bugzilla-daemon at netfilter.org
2018-Apr-04 13:36 UTC
[Bug 1241] New: Please support inverting filters
https://bugzilla.netfilter.org/show_bug.cgi?id=1241
Bug ID: 1241
Summary: Please support inverting filters
Product: conntrack-tools
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: conntrack
Assignee: netfilter-buglog at lists.netfilter.org
Reporter: korn-netfilter.org at elan.rulez.org
I have a firewall where sometimes NAT rules change so that certain UDP
connections that were not SNATed before should be SNATed now.
Before the NAT rules go up, the affected packets are passed but the connections
end up in the UNREPLIED state; however, due to connection tracking, these
sessions get stuck in this state if the source keeps sending new UDP packets.
I would like to be able to flush unreplied UDP connections using something like
conntrack -D -p udp -u !assured
I'm sure filter negation would be useful in many other instances as well.
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20180404/764b435c/attachment.html>
Possibly Parallel Threads
- [Bug 14529] New: Please add option to save metadata to single file to speed up backups
- [Bug 1183] New: need options to output UNREPLIED connections
- conntrack entries established before nat
- [SECURITY] Netfilter Security Advisory: Conntrack list_del() DoS
- [Bug 1203] New: 'DisableExternalCache On' seems to be broken
Wisdom of the Ancients
