Hi all
Short of obtaining the RouterOS kernels and physically examining the source myself, can anyone say with any certainty whether or not the RouterOS kernels' conntrack modules have the various patches & configurable parameters in place to allow one to enable or disable TCP connection pickup? Such support has been in Linux kernels for quite some years now, but there's typically a parameter exposed in /proc required to control this.
I ask because, for the highest security environments, I prefer the more strict discipline enforced by connection pickup DISABLED, and that requires ip_conntrack_tcp_loose to be set to zero, but I'm unclear what its current setting (if existent) might be, or how I might set it given that on a RouterBOARD, we don't have access to the underlying OS...
Sorry for what feels like a stupid question, but I'm coming up utterly short in information.
Cheers
Peter
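
For reference, an added example (not part of the original post and not RouterOS code) of checking the setting the post describes on a stock Linux host where shell access exists. The function names and the overridable proc root are assumptions made for illustration; the script looks for both the legacy ip_conntrack_tcp_loose file and nf_conntrack_tcp_loose, the name used by current kernels.

```shell
#!/bin/sh
# Added example: report whether conntrack TCP connection pickup ("loose"
# tracking) is enabled on a stock Linux host. Not applicable to RouterOS,
# which does not expose /proc. Function names are hypothetical.

# Print the first readable sysctl file controlling TCP pickup, if any.
# $1 = proc root (defaults to /proc; overridable to audit a copied tree).
tcp_loose_path() {
    root="${1:-/proc}"
    for p in \
        "$root/sys/net/netfilter/nf_conntrack_tcp_loose" \
        "$root/sys/net/ipv4/netfilter/ip_conntrack_tcp_loose"
    do
        if [ -r "$p" ]; then
            printf '%s\n' "$p"
            return 0
        fi
    done
    return 1
}

# Print one of: strict | loose | absent | unknown:<value>
#   strict = value 0, mid-stream connections are NOT picked up
#   loose  = non-zero, conntrack may adopt already-established flows
#   absent = neither file exists (module not loaded or no such parameter)
tcp_pickup_state() {
    path=$(tcp_loose_path "$1") || { echo absent; return 0; }
    val=$(tr -d ' \t\n' < "$path")
    case "$val" in
        0)            echo strict ;;
        ''|*[!0-9]*)  echo "unknown:$val" ;;
        *)            echo loose ;;
    esac
    return 0
}

# Audit the running host (or the tree named by PROC_ROOT).
tcp_pickup_state "${PROC_ROOT:-/proc}"
```

On a host that reports "loose", writing 0 to the file printed by tcp_loose_path (as root) disables pickup until the next reboot.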