kernel: CONFIG_NF_CONNTRACK=y

Henrik Nordström henrik at henriknordstrom.net
Sat May 14 19:29:03 UTC 2011


Sat 2011-05-14 at 12:10 -0400, Dave Jones wrote:

> It used to be a module, but was converted to built-in as we were always
> loading it in the network scripts.  A lot of the decisions made in
> those '5 second boot' days seem a bit boneheaded in hindsight.
> For f16, we should do a good re-review of such decisions, and decide what
> makes sense and what doesn't, and where possible fix the startup scripts
> instead of working around them.

Personally I would like conntrack to be made a module again. Have
appliance applications where it's not wanted, just making a mess of
things. The workaround is using some NOTRACK iptables rules but..

and no, conntrack is not always needed. There are installs with the
firewall disabled (and not using libvirt private networking).

Regards
Henrik


