
Connection Tracking Feature Suggestion - Per destination CT.

Posted: Fri Dec 16, 2011 6:20 pm
by NetworkPro
Hello.

I believe it would be useful if routed packets go through connection-tracking (and therefore consume more processing power) only if we want them to and that it would be useful if we could control this. Possibly by destination subnet - for example all our clients with Public IPs.

This way we would offload conntrack and save CPU and have more confidence that IP packets are not "touched" in any way while passing through the Linux-kernel based MikroTik RouterOS :)

What do you think?


Thanks.

Re: Connection Tracking Feature Suggestion - Per destination

Posted: Mon Dec 19, 2011 3:53 pm
by janisk
you think like -
/ip firewall connection tracking set enabled=no
or switch the ports, if that is an option on the hardware.

Re: Connection Tracking Feature Suggestion - Per destination

Posted: Mon Dec 19, 2011 5:51 pm
by changeip
No, he is asking for selective conntrack. I would love to exclude certain traffic from it as well, i.e. the trillions of udp/53 packets coming into our network from 2+ million source IP addresses. No need to create a conntrack entry for them.

I've seen Linux be able to do this, I believe ...

Re: Connection Tracking Feature Suggestion - Per destination

Posted: Tue Dec 20, 2011 1:39 pm
by Chupaka
I've seen Linux be able to do this, I believe ...
http://security.maruhn.com/iptables-tutorial/x4156.html
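
Added example, not part of any post in this thread: on plain Linux the selective bypass discussed above is done in the iptables raw table, which runs before connection tracking. The sketch below only prints an iptables-restore ruleset; untracked packets never match ESTABLISHED/RELATED and cannot be NATed, so the filter table has to accept them explicitly. The function names and the addresses (RFC 5737 documentation ranges) are constructed for illustration.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset, applies nothing itself.

# raw_rules DNS_SERVER SUBNET...
# Packets matched here get no conntrack entry. Tracking is decided per
# packet, so each flow needs a rule for both directions.
# Older iptables releases spell the target "-j NOTRACK".
raw_rules() {
    dns=$1; shift
    echo '*raw'
    echo ':PREROUTING ACCEPT [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    for net in "$@"; do
        echo "-A PREROUTING -d $net -j CT --notrack"
        echo "-A PREROUTING -s $net -j CT --notrack"
    done
    # DNS queries to the server and its answers on the way back out
    echo "-A PREROUTING -d $dns -p udp --dport 53 -j CT --notrack"
    echo "-A PREROUTING -s $dns -p udp --sport 53 -j CT --notrack"
    echo 'COMMIT'
}

# filter_rules DNS_SERVER SUBNET...
# Stateful rules no longer see the exempted traffic, so it is accepted
# statelessly and only for the same addresses that were exempted.
filter_rules() {
    dns=$1; shift
    echo '*filter'
    echo ':INPUT ACCEPT [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for net in "$@"; do
        echo "-A FORWARD -d $net -m conntrack --ctstate UNTRACKED -j ACCEPT"
        echo "-A FORWARD -s $net -m conntrack --ctstate UNTRACKED -j ACCEPT"
    done
    echo "-A FORWARD -d $dns -p udp --dport 53 -m conntrack --ctstate UNTRACKED -j ACCEPT"
    echo "-A FORWARD -s $dns -p udp --sport 53 -m conntrack --ctstate UNTRACKED -j ACCEPT"
    echo 'COMMIT'
}

# gen_ruleset DNS_SERVER SUBNET...
gen_ruleset() {
    raw_rules "$@"
    filter_rules "$@"
}

# Constructed demo input: one DNS server, one public client subnet.
gen_ruleset 192.0.2.53 198.51.100.0/24
```

Review the output before feeding it to iptables-restore, since without `--noflush` it replaces the existing raw and filter tables.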

Re: Connection Tracking Feature Suggestion - Per destination

Posted: Sat Jan 21, 2012 7:22 pm
by LukasSVK
+1, I need this feature too :)

Re: Connection Tracking Feature Suggestion - Per destination

Posted: Wed Feb 15, 2012 2:26 pm
by thavinci
+1 for this feature as well...