How can I launch a private Internet DNS server?

Reindl Harald h.reindl at thelounge.net
Fri Oct 16 13:18:29 UTC 2020
Am 16.10.20 um 11:34 schrieb Michael De Roover:
> Interesting article, thanks for sharing this! I'm slightly confused
> about some things in it though. Does this mean that any traffic will be
> put on the connection tracker and be treated as stateful unless we use
> CT --notrack, or can the kernel make a heuristic based on what's in the
> iptables rule (i.e. if it only covers a port or a network range, it
> must be stateless)

conntrack is *always* part of the game unless you set "notrack" in the 
raw-table which is the only stateless one

raw -> mangle -> filter

at the point conntrack steps in, the filter-table with your normal rules 
is not part of the game at all

https://stuffphilwrites.com/wp-content/uploads/2014/09/FW-IDS-iptables-Flowchart-v2019-04-30-1.png
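As an added example (not part of Reindl's post or the rest of the thread), here is what the raw-table NOTRACK rule he describes looks like for a DNS server. UDP/53 is marked NOTRACK in the raw table, so conntrack never creates an entry for queries or replies; the catch a practitioner needs to know is that such packets then arrive in the filter table with state UNTRACKED, so a generic ESTABLISHED,RELATED accept rule will not match them and they must be accepted explicitly. The script assumes IPv4, an iptables with the CT target (the older NOTRACK target does the same job), and a server answering on UDP 53; DNS over TCP is left to conntrack on purpose. The function names and the `--dry-run`/`--apply` flags are this example's own, not anything from the list.

```shell
#!/bin/sh
# Added example (not from the original post): take DNS/UDP out of conntrack
# with raw-table NOTRACK rules and accept the now-UNTRACKED packets in filter.
# Assumes IPv4, iptables with the CT target, and a DNS server on UDP port 53.
# Default is to print nothing; pass --dry-run to preview, --apply to load.

# One iptables invocation per line; "-t raw" rules run before conntrack,
# the filter rules run after it and must match state UNTRACKED explicitly.
dns_notrack_rules() {
    cat <<'EOF'
-t raw -A PREROUTING -p udp --dport 53 -j CT --notrack
-t raw -A OUTPUT -p udp --sport 53 -j CT --notrack
-A INPUT -p udp --dport 53 -m conntrack --ctstate UNTRACKED -j ACCEPT
-A OUTPUT -p udp --sport 53 -m conntrack --ctstate UNTRACKED -j ACCEPT
EOF
}

# Run each rule through the given command ("iptables" for real,
# "echo iptables" to preview). Word-splitting of $rule is intended.
apply_dns_notrack() {
    ipt="${1:-iptables}"
    dns_notrack_rules | while read -r rule; do
        $ipt $rule
    done
}

case "${1:-}" in
    --dry-run) apply_dns_notrack "echo iptables" ;;
    --apply)   apply_dns_notrack "iptables" ;;
esac
```

`sh dns-notrack.sh --dry-run` prints the four commands; `--apply` as root loads them. A recursive resolver also sends queries out, so it needs the mirror-image pair as well (`--dport 53` in raw OUTPUT and `--sport 53` in raw PREROUTING, plus matching UNTRACKED accepts); accepting inbound UDP from source port 53 statelessly is exactly the hole you trade for an empty conntrack table, which is why this is worth doing only for the DNS port and not as a general pattern.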


More information about the bind-users mailing list