Ping a Specific Port

Question

tex

Asked: 2011-02-12 13:27:54 +0800 CST2011-02-12 13:27:54 +0800 CST 2011-02-12 13:27:54 +0800 CST

How to turn iptables stateless?

772

I'm running a Linux server that - from time to time - faces heavy load and the conntrack table overflows. Since it's iptables firewall ruleset is very simple I'd like to turn it to stateless mode. I know that iptables can operate in stateful connection tracking mode and in a stateless mode.

My firewall rules are all in place I'm pretty sure that they are stateless but my question is how can I verify that the firewall is really operating in stateless mode?

3 Answers

Voted

profy · Answer 1 · 2011-02-12T13:54:58+08:00

Best Answer

profy

2011-02-12T13:54:58+08:002011-02-12T13:54:58+08:00

You need to specify some iptables rules to prevent packets to be conntracked :

iptables -t raw -I PREROUTING -j NOTRACK
iptables -t raw -I OUTPUT -j NOTRACK

20

pepoluan · Answer 2 · 2011-03-08T06:36:43+08:00

pepoluan

2011-03-08T06:36:43+08:002011-03-08T06:36:43+08:00

cat /proc/net/ip_conntrack shows all connection tracking.

So, if it's stateless, the output of the above command should be empty.

(Alternatively, use cat /proc/net/nf_conntrack)

5

Zoredache · Answer 3 · 2011-02-12T13:53:27+08:00

Zoredache

2011-02-12T13:53:27+08:002011-02-12T13:53:27+08:00

Install conntrack, and look at the output. I am pretty sure if you are stateless no connections will be displayed.

4

How to turn iptables stateless?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Resolve host name from IP address

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?