[prev in list] [next in list] [prev in thread] [next in thread] 

List:       netfilter
Subject:    Re: Modify packet without NAT
From:       Kerin Millar <kfm () plushkava ! net>
Date:       2023-06-18 16:18:33
Message-ID: 20230618171833.6ce0835a22deed6aa70b4145 () plushkava ! net
[Download RAW message or body]

On Sun, 18 Jun 2023 14:34:31 +0000
public1020 <public1020@proton.me> wrote:

> The system is IPv4 and intranet only, suppose I'm going to increase the hash size, 

You should definitely increase the capacity of the conntrack table. I would just add \
that many rulesets have no particular need for traffic traversing the loopback \
interface to be tracked. Should this apply to you, some memory can be saved by \
implementing a rule such as "-t raw -A OUTPUT -o lo -j CT --notrack".

-- 
Kerin Millar


[prev in list] [next in list] [prev in thread] [next in thread]