From bbcdcc5fc45606081b41191b32891215f7f134e6 Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Tue, 1 Feb 2011 00:26:12 +0100 Subject: doc: remove reference to the CT target Sorry, the iptables CT target is not yet ready for use until some patches are pushed to the Linux kernel. Signed-off-by: Pablo Neira Ayuso --- doc/manual/conntrack-tools.tmpl | 23 ----------------------- 1 file changed, 23 deletions(-) (limited to 'doc') diff --git a/doc/manual/conntrack-tools.tmpl b/doc/manual/conntrack-tools.tmpl index 8a4e15d..affeb66 100644 --- a/doc/manual/conntrack-tools.tmpl +++ b/doc/manual/conntrack-tools.tmpl @@ -592,29 +592,6 @@ Sync { - -Filtering Connection tracking events with iptables - - Since Linux kernel >= 2.6.34, iptables provides the - CT iptables target that allows to reduce the - amount of Connection Tracking events that are delivered to user-space. - The following example shows how to only generate the - assured event: - - - # iptables -I PREROUTING -t raw -j CT --ctevents assured - - - Assured flows - One flow is assured if the firewall has seen traffic for it in - both directions. - - - Reducing the amount of events generated helps to reduce CPU - consumption in the active firewall. - - - Troubleshooting -- cgit v1.2.3
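Review bot: The commit message says the CT target is not ready until some patches reach the Linux kernel, but neither the message nor the hunk at -592 names those patches or the kernel release expected to carry them, while the removed text stated "Since Linux kernel >= 2.6.34". Naming the pending patches or the target release in the commit message would let the section be restored later with a correct version requirement. The removal also drops the "Assured flows" definition and the note that reducing generated events lowers CPU consumption on the active firewall; if any other part of the manual relies on the term "assured", consider keeping that definition outside the CT-specific section.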