All of lore.kernel.org
 help / color / mirror / Atom feed
* How to completely disable conntrack?
@ 2011-03-09 13:51 Petr Šťastný
  2011-03-09 14:24 ` Pandu Poluan
  0 siblings, 1 reply; 8+ messages in thread
From: Petr Šťastný @ 2011-03-09 13:51 UTC (permalink / raw)
  To: netfilter

I'm using Fedora 14, which has conntrack compiled into the kernel. It is
not a module, so I'm not able to unload it to disable connection
tracking. Is it possible to do it in another way without building my own
kernel?

Thanks

Petr Stastny



^ permalink raw reply	[flat|nested] 8+ messages in thread
* Re: How to completely disable conntrack?
  2011-03-09 13:51 How to completely disable conntrack? Petr Šťastný
@ 2011-03-09 14:24 ` Pandu Poluan
  2011-03-09 19:05   ` Jan Engelhardt
  2011-03-10 22:47   ` Pascal Hambourg
  0 siblings, 2 replies; 8+ messages in thread
From: Pandu Poluan @ 2011-03-09 14:24 UTC (permalink / raw)
  To: Petr Šťastný, netfilter

I'm sure there's a sysctl knob, but off the top of my head:

-t raw -A PREROUTING -j NOTRACK

Rgds,


On 2011-03-09, Petr Šťastný <petr.stastny@centrum.cz> wrote:
> I'm using Fedora 14, which has conntrack compiled into the kernel. It is
> not a module, so I'm not able to unload it to disable connection
> tracking. Is it possible to do it in another way without building my own
> kernel?
>
> Thanks
>
> Petr Stastny
>
>
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>


-- 
--
Pandu E Poluan - IT Optimizer
My website: http://pandu.poluan.info/

^ permalink raw reply	[flat|nested] 8+ messages in thread
* Re: How to completely disable conntrack?
  2011-03-09 14:24 ` Pandu Poluan
@ 2011-03-09 19:05   ` Jan Engelhardt
  2011-03-10 22:47   ` Pascal Hambourg
  1 sibling, 0 replies; 8+ messages in thread
From: Jan Engelhardt @ 2011-03-09 19:05 UTC (permalink / raw)
  To: Pandu Poluan; +Cc: Petr Šťastný, netfilter

On Wednesday 2011-03-09 15:24, Pandu Poluan wrote:

>I'm sure there's a sysctl knob, but off the top of my head:
>
>-t raw -A PREROUTING -j NOTRACK

-j CT --notrack

'-j NOTRACK' is on the path to removal.


^ permalink raw reply	[flat|nested] 8+ messages in thread
* Re: How to completely disable conntrack?
  2011-03-09 14:24 ` Pandu Poluan
  2011-03-09 19:05   ` Jan Engelhardt
@ 2011-03-10 22:47   ` Pascal Hambourg
  2011-07-13  7:24     ` nany
  1 sibling, 1 reply; 8+ messages in thread
From: Pascal Hambourg @ 2011-03-10 22:47 UTC (permalink / raw)
  To: Pandu Poluan; +Cc: Petr Št(astný, netfilter

Hello,

Pandu Poluan a écrit :
> I'm sure there's a sysctl knob, but off the top of my head:
> 
> -t raw -A PREROUTING -j NOTRACK

You'll need the same in the OUTPUT chain too.

> On 2011-03-09, Petr ¦t(astný <petr.stastny@centrum.cz> wrote:
>> I'm using Fedora 14, which has conntrack compiled into the kernel. It is
>> not a module, so I'm not able to unload it to disable connection
>> tracking. Is it possible to do it in another way without building my own
>> kernel?


^ permalink raw reply	[flat|nested] 8+ messages in thread
* Re: How to completely disable conntrack?
  2011-03-10 22:47   ` Pascal Hambourg
@ 2011-07-13  7:24     ` nany
  2011-07-13  8:07       ` Oskar Berggren
  0 siblings, 1 reply; 8+ messages in thread
From: nany @ 2011-07-13  7:24 UTC (permalink / raw)
  To: netfilter

Pascal Hambourg <pascal.mail <at> plouf.fr.eu.org> writes:

> 
> Hello,
> 
> Pandu Poluan a écrit :
> > I'm sure there's a sysctl knob, but off the top of my head:
> > 
> > -t raw -A PREROUTING -j NOTRACK
> 
> 
-t raw -A OUTPUT -j NOTRACK

hey man i applied above rules, its not working, 

the connections shows in /proc/net/ip_conntrack

is any one can tell how to disable connection tracking completely,

please help me man





^ permalink raw reply	[flat|nested] 8+ messages in thread
* Re: How to completely disable conntrack?
  2011-07-13  7:24     ` nany
@ 2011-07-13  8:07       ` Oskar Berggren
  2011-07-13  9:45         ` Jan Engelhardt
  0 siblings, 1 reply; 8+ messages in thread
From: Oskar Berggren @ 2011-07-13  8:07 UTC (permalink / raw)
  To: nany; +Cc: netfilter

Unload the module.

/Oskar


2011/7/13 nany <naveen.sadanand@gmail.com>:
> Pascal Hambourg <pascal.mail <at> plouf.fr.eu.org> writes:
>
>>
>> Hello,
>>
>> Pandu Poluan a écrit :
>> > I'm sure there's a sysctl knob, but off the top of my head:
>> >
>> > -t raw -A PREROUTING -j NOTRACK
>>
>>
> -t raw -A OUTPUT -j NOTRACK
>
> hey man i applied above rules, its not working,
>
> the connections shows in /proc/net/ip_conntrack
>
> is any one can tell how to disable connection tracking completely,
>
> please help me man
>
>
>
>
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>

^ permalink raw reply	[flat|nested] 8+ messages in thread
* Re: How to completely disable conntrack?
  2011-07-13  8:07       ` Oskar Berggren
@ 2011-07-13  9:45         ` Jan Engelhardt
  2011-07-13 13:45           ` OFF: " Gáspár Lajos
  0 siblings, 1 reply; 8+ messages in thread
From: Jan Engelhardt @ 2011-07-13  9:45 UTC (permalink / raw)
  To: Oskar Berggren; +Cc: nany, netfilter

On Wednesday 2011-07-13 10:07, Oskar Berggren wrote:

>>>> I'm sure there's a sysctl knob, but off the top of my head:
>>>>
>>>> -t raw -A PREROUTING -j NOTRACK
>>
>> -t raw -A OUTPUT -j NOTRACK

-t raw -A PREROUTING (or OUTPUT depending on which you want) -j CT --notrack

>> hey man i applied above rules, its not working,

It certainly does work.

>> the connections shows in /proc/net/ip_conntrack

Of course - because you only disabled it for new packets. Old CTs
live on until they are cleared.

>> is any one can tell how to disable connection tracking completely,
>>
>> please help me man

["yo man" this ain't the hood, ya dig.]

>Unload the module.

That won't work if it is locked by iptables rules, though.

^ permalink raw reply	[flat|nested] 8+ messages in thread
* OFF: Re: How to completely disable conntrack?
  2011-07-13  9:45         ` Jan Engelhardt
@ 2011-07-13 13:45           ` Gáspár Lajos
  0 siblings, 0 replies; 8+ messages in thread
From: Gáspár Lajos @ 2011-07-13 13:45 UTC (permalink / raw)
  To: Jan Engelhardt; +Cc: Oskar Berggren, nany, netfilter

< OFF >
>>> is any one can tell how to disable connection tracking completely,
>>>
>>> please help me man
> ["yo man" this ain't the hood, ya dig.]

MEGALOL !!! :D

< /OFF >

Swifty

^ permalink raw reply	[flat|nested] 8+ messages in thread
end of thread, other threads:[~2011-07-13 13:45 UTC | newest]

Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2011-03-09 13:51 How to completely disable conntrack? Petr Šťastný
2011-03-09 14:24 ` Pandu Poluan
2011-03-09 19:05   ` Jan Engelhardt
2011-03-10 22:47   ` Pascal Hambourg
2011-07-13  7:24     ` nany
2011-07-13  8:07       ` Oskar Berggren
2011-07-13  9:45         ` Jan Engelhardt
2011-07-13 13:45           ` OFF: " Gáspár Lajos

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.