From: venky b <bvr96@yahoo.com>
To: SBlaze <dagent.geo@yahoo.com>, netfilter@lists.netfilter.org
Subject: Re: help required
Date: Sun, 9 Nov 2003 08:11:22 -0800 (PST)
Message-ID: <20031109161122.8833.qmail@web10009.mail.yahoo.com>
In-Reply-To: <20031109152014.38501.qmail@web40205.mail.yahoo.com>

Hi,

Thanks for responding.

My requirement is as follows:

I have a site with two IP subnets A and B.

A is connected to eth0 of the IPtables firewall and B is
connected to the eth1 interface.

For accessing machines in other locations A must cross
the firewall and go through the router in subnet B,
i.e. WAN connectivity is through subnet B.

I want to implement access control for traffic between
A and B with stateful rules as B is not trusted by A.

The rest of the traffic which is not from/to A
specifically, i.e. coming from or going to other
locations, should be allowed with the ACCEPT target.

There are so many application servers in other
locations which will be accessed by subnet A users,
around 400.

So I do not want IPtables to keep connection tracking
entries for this traffic as it hogs the memory and
cpu.

But at the same time it should keep track of
communication between A <-> B.

Is there a way to turn off/on connection tracking for
specific rules or chains?

Hope this makes it clear to everybody.

Thanks,
Venkatesh

--- SBlaze <dagent.geo@yahoo.com> wrote:
> You need to be way more specific on what it is you want to know. I don't
> think anyone can really help you since you didn't provide any information
> on what it is you really want to provide stateful inspection on.
>
> SBlaze
>
> --- venky b <bvr96@yahoo.com> wrote:
> > Hi All,
> >
> > Need help on a specific requirement.
> >
> > I want to enable the stateful inspection only for a few
> > chains.
> >
> > I do not want iptables to maintain state info for the
> > rest of the chains as it is not needed.
> >
> > Any thoughts on this?
> >
> > Cheers
> > Venkatesh
>
> =====
> In the absence of order there will be chaos.


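One way to meet the requirement described in the message above, as an added example that is not part of the original thread: the raw table exempts forwarded WAN traffic from connection tracking with `CT --notrack` (spelled `-j NOTRACK` in older iptables releases), while A <-> B stays stateful. The subnets, the minimal INPUT policy and the rule that only A may open connections to B are assumptions; eth0 and eth1 are from the message.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset that tracks only A<->B.
# eth0 (subnet A) and eth1 (subnet B) come from the message; everything
# else (subnets, host policy, A->B policy) is an assumption.
gen_ruleset() {
    a_net=$1; b_net=$2
    [ -n "$a_net" ] && [ -n "$b_net" ] || {
        echo "usage: gen_ruleset A_NET B_NET" >&2; return 1; }
    cat <<EOF
*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Traffic addressed to the firewall itself stays tracked.
-A PREROUTING -m addrtype --dst-type LOCAL -j ACCEPT
# A<->B stays tracked: ACCEPT here only ends raw-table traversal.
-A PREROUTING -i eth0 -s $a_net -d $b_net -j ACCEPT
-A PREROUTING -i eth1 -s $b_net -d $a_net -j ACCEPT
# Everything else crossing the firewall is exempted from tracking.
-A PREROUTING -i eth0 -j CT --notrack
-A PREROUTING -i eth1 -j CT --notrack
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Assumed minimal host policy; add management access as needed.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# WAN traffic (untracked) is passed without state, as the message asks.
-A FORWARD -m conntrack --ctstate UNTRACKED -j ACCEPT
# Stateful path for A<->B: replies first, then connections opened from A.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i eth0 -o eth1 -s $a_net -d $b_net -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}
# Check before loading (constructed documentation subnets):
#   gen_ruleset 192.0.2.0/25 192.0.2.128/25 | iptables-restore --test
```

The untracked path is selected by address alone, so the ACCEPT for UNTRACKED packets is only as trustworthy as the source addresses arriving on eth1. Loading the output with iptables-restore replaces the existing raw and filter rules.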