----- Original Message -----
From: "Jin Hong" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Sunday, December 16, 2001 10:13 AM
Subject: [Bridge] conn-track ESTABLISED matching everthing

> Hello.

Hi,

<snip>
> "ESTABLISHED" matches packets that use a connection "which has seen
> packets in both directions".
> When I telnet from "myhost" to "outside", "myhost" first sends a syn packet.
> The acknowledgement packet coming from "outside" does not match any
> "ESTABLISHED" connection, so should be dropped following the "policy".
> So we should not be able to make any connections from "myhost".

There are 4 possible states:
- INVALID: something invalid :)
- NEW: new connection
- RELATED: related new connection
- ESTABLISHED: the rest

So: the first valid response to a packet sent to the outside will have the
state ESTABLISHED.
The man page of iptables is a bit unclear about the definition of
ESTABLISHED if you ask me...

cheers,
Bart
_______________________________________________
Bridge mailing list
[EMAIL PROTECTED]
http://www.math.leidenuniv.nl/mailman/listinfo/bridge
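
The state assignment discussed in this thread, as an added example that is not part of the original messages and is not netfilter's code: a simplified Python model in which the reply packet is the one that makes a tracked flow ESTABLISHED. The ruleset (policy DROP, NEW allowed only from "myhost", ESTABLISHED allowed both ways), the port numbers and the sample packets are assumptions, since the poster's rules were snipped; TCP flags, timeouts, INVALID and RELATED are not modelled.

```python
"""Simplified model of connection-tracking states (constructed example)."""
from typing import Dict, List, NamedTuple, Tuple


class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


class ConnTrack:
    """Tracks flows by 5-tuple and remembers whether a reply was seen."""

    def __init__(self) -> None:
        # original-direction tuple -> True once a reply packet was seen
        self.flows: Dict[tuple, bool] = {}

    def classify(self, p: Packet) -> str:
        orig = (p.proto, p.src, p.sport, p.dst, p.dport)
        reply = (p.proto, p.dst, p.dport, p.src, p.sport)
        if reply in self.flows:
            # Reply direction of a tracked flow: both directions now seen.
            self.flows[reply] = True
            return "ESTABLISHED"
        # Original direction stays NEW until a reply has been seen.
        return "ESTABLISHED" if self.flows.get(orig) else "NEW"

    def confirm(self, p: Packet) -> None:
        # Only accepted NEW packets create a tracked flow in this model.
        self.flows.setdefault((p.proto, p.src, p.sport, p.dst, p.dport), False)


def filter_packets(packets: List[Packet], inside: str = "myhost") -> List[Tuple[str, str]]:
    """Assumed ruleset: policy DROP, NEW only from `inside`, ESTABLISHED both ways."""
    ct, verdicts = ConnTrack(), []
    for p in packets:
        state = ct.classify(p)
        ok = state == "ESTABLISHED" or (state == "NEW" and p.src == inside)
        if ok and state == "NEW":
            ct.confirm(p)
        verdicts.append((state, "ACCEPT" if ok else "DROP"))
    return verdicts


# Constructed sample traffic: a telnet session opened by myhost, then an
# unsolicited packet from outside.
SAMPLE = [
    Packet("myhost", 40000, "outside", 23),   # SYN
    Packet("outside", 23, "myhost", 40000),   # SYN/ACK (first reply)
    Packet("myhost", 40000, "outside", 23),   # ACK
    Packet("outside", 5555, "myhost", 23),    # unsolicited
]
```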
