short of obtaining the RouterOS kernels and physically examining the source myself, can anyone say with any certainty whether or not the RouterOS kernels' conntrack modules have the various patches & configurable parameters in place to allow one to enable or disable tcp connection pickup? such support has been in linux kernels for quite some years now, but there's typically a parameter exposed in /proc required to control this.
i ask, because for the highest security environments, i prefer the more strict discipline enforced by connection pickup DISABLED, and that requires ip_conntrack_tcp_loose to be set to zero, but i'm unclear what its current setting (if existent) might be, or how i might set it given that on a routerboard, we don't have access to the underlying OS...
sorry for what feels like a stupid question, but i'm coming up utterly short in information.
Cheers
Peter