[sane-devel] nf_conntrack_sane
Olaf Meeuwissen
paddy-hack at member.fsf.org
Sat Feb 9 01:12:36 GMT 2019
Hi Terry,
Terry Spearman writes:
> How do I install and use the netfilter nf_conntrack_sane connection tracking
> module in Centos 7? I've used yum to install conntrack-tools, and also
> keepalive, which the conntrack documentation says is required for the
> conntrack daemon, but I have not been able to find anything in it related to
> sane.
Never noticed that the saned manual page mentioned this, nor had I heard
of that netfilter module before :-?
That said, based on info from the iptables-extra manual page on my
machine, I *think* you would use something like
--match helper --helper sane
to your iptables invocation to track on the default port. For custom
ports, that would become
--match helper --helper sane-####
where #### is the port number.
Don't know how that translates to conntrack-tools, though.
Hope this helps,
--
Olaf Meeuwissen, LPIC-2 FSF Associate Member since 2004-01-27
GnuPG key: F84A2DD9/B3C0 2F47 EA19 64F4 9F13 F43E B8A4 A88A F84A 2DD9
Support Free Software https://my.fsf.org/donate
Join the Free Software Foundation https://my.fsf.org/join
More information about the sane-devel
mailing list