Tue Sep 04, 2007 10:31 pm
there are many reasons to disable connection tracking... if you need high performance and don't need any firewalling / etc.
some clarification if anyone knows:
1. action=mark-packet should work without connection table because it's only alive while it traverses the router, correct?
2. action=mark-routing should work without connection table because it's only based on the single packet that rule is being applied to, correct ?
3. If you use a specifier to determine if it's within an ongoing connection-mark then you need the connection tables, correct?
4. ip fragmentation is not handled without connection tracking. if packets are fragmented they may not match a rule because they are split into multiple packets and not handled automatically.
Sam