| 1 |
I'm working my way thru this document: |
| 2 |
http://gentoo-wiki.com/HOWTO_Iptables_and_stateful_firewalls |
| 3 |
|
| 4 |
Somewhere in this part: #Should_I_take_this_tutorial |
| 5 |
(add it to the above url) |
| 6 |
|
| 7 |
Once there scan for the work /proc and a few hits will get you to this |
| 8 |
line: (emphasis is mine) |
| 9 |
|
| 10 |
If you've already rebooted and are using your new netfilter-enabled |
| 11 |
kernel, you can view a list of active network connections that your |
| 12 |
machine is participating in by typing |
| 13 |
|
| 14 |
"cat/proc/net/ip_conntrack". |
| 15 |
|
| 16 |
Even with no firewall configured, Linux's |
| 17 |
conntrack functionality is working behind the scenes, keeping track |
| 18 |
of the connections that your machine is participating in. |
| 19 |
|
| 20 |
I don't see that on a machine where I've tried to pick every iptable |
| 21 |
and contrack setting for the kernel I could find. Including the ones |
| 22 |
on that page that are still around. |
| 23 |
|
| 24 |
find /proc -iname '*conntrack*' |
| 25 |
or even |
| 26 |
find /proc -iname '*con*' |
| 27 |
|
| 28 |
Turns up nothing even close. Does it mean I'm still missing something |
| 29 |
in the kernel build? or is it just baloney or out of date? |
| 30 |
|
| 31 |
It claims you should see this even if you aren't running iptables yet |
| 32 |
|
| 33 |
-- |
| 34 |
gentoo-user@l.g.o mailing list |
Archives