I'm setting up a firewall config for different distros/versions and I need to set up NOTRACK for DNS traffic.
On CentOS 7 (iptables v.1.4.21), I need to write it like this:
-A PREROUTING -p udp -m udp --dport 53 -j CT --notrack
and on CentOS 6.5 (iptables v1.4.7), I need to write it like this:
-A PREROUTING -p udp -m udp --dport 53 -j NOTRACK
I'd like to set up a script to test the iptables version and use the right syntax, but I can't find which version changed it.
Okay, found that the CT target was added to kernel 2.6.34, and iptables 1.4.8 supports all new features of this kernel.
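
A version check along the lines the post asks for, as an added example that is not part of the original post. The function names (`parse_iptables_version`, `version_ge`, `notrack_rule`) are hypothetical, the sample version strings are constructed, and the 1.4.8 threshold is taken from the post's last line as an assumption.

```shell
#!/bin/sh
# Added example: pick the NOTRACK syntax from the iptables userspace version.
# Assumption: 1.4.8 is the first version that accepts "-j CT --notrack",
# as stated in the post above.

# Extract "X.Y.Z" from `iptables --version` output, e.g.
# "iptables v1.4.21" or "iptables v1.8.4 (nf_tables)".
parse_iptables_version() {
    printf '%s\n' "$1" | sed -n 's/^iptables v\([0-9][0-9.]*\).*/\1/p'
}

# Return 0 if dotted version $1 >= $2, comparing numerically field by field.
version_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "$a" = "$x" ] && a= || a=${a#*.}
        [ "$b" = "$y" ] && b= || b=${b#*.}
        x=${x:-0}; y=${y:-0}
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
    done
    return 0
}

# Print the raw-table rule line for a given `iptables --version` string.
# Returns 2 (and prints nothing on stdout) if the version cannot be parsed.
notrack_rule() {
    ver=$(parse_iptables_version "$1")
    [ -n "$ver" ] || { echo "cannot parse iptables version: $1" >&2; return 2; }
    if version_ge "$ver" 1.4.8; then
        echo "-A PREROUTING -p udp -m udp --dport 53 -j CT --notrack"
    else
        echo "-A PREROUTING -p udp -m udp --dport 53 -j NOTRACK"
    fi
}

# Constructed sample outputs; on a real host pass "$(iptables --version)".
for out in "iptables v1.4.7" "iptables v1.4.21"; do
    printf '%s -> %s\n' "$out" "$(notrack_rule "$out")"
done
```

The comparison is numeric per field because a plain string comparison would rank 1.4.21 below 1.4.8. The userspace version alone says nothing about the running kernel, which per the post needs to be 2.6.34 or later for the CT target.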