search for: seen_reply

https://bugzilla.netfilter.org/show_bug.cgi?id=875 Summary: iptables -m conntrack --ctstatus NONE,EXPECTED is not consistent with --ctstatus SEEN_REPLY,EXPECTED Product: iptables Version: 1.4.x Platform: All OS/Version: All Status: NEW Severity: normal Priority: P5 Component: iptables AssignedTo: netfilter-buglog at lists.netfilter.org ReportedBy: quen...

...orter: zrm at trustiosity.com The code intended to extend the conntrack timeout in the event of new traffic doesn't check the existing timeout, so if the existing timeout was already longer than the default, the timeout is reduced. Example scenario: Default UDP timeout is three minutes (after SEEN_REPLY). The timeout for one specific entry is extended to five hours using the conntrack command or API. Three seconds later new traffic is seen for that entry and the kernel resets the timeout from 04:59:57 to 00:03:00. (Actual use case: Implementing RFC6887 PEER command so that e.g. UDP VPN can reduce...

I am working on a split route and ShoreWall system. I reviewed the lartc documentation but have a few areas that I still need help on. Here is my network: 64.xxx.xxx.1/25 66.xxx.xxx.129/26 | | ################################################# # Eth2 64.xxx.xxx.2 eth0 66.xxx.xxx.130 # #