Bart De Schuymer wrote:

> There are 4 possible states:
> - INVALID: something invalid :)
> - NEW: new connection
> - RELATED: related new connection

RELATED: related to an existing connection. This includes related ICMP, and expected secondary connections.

> - ESTABLISHED: the rest

ESTABLISHED: where traffic has or is being seen in both directions.

> So: the first valid response to a packet sent to the outside will have the
> state ESTABLISHED.
> The man page of iptables is a bit unclear about the definition of
> ESTABLISHED if you ask me...

The trap quite many go into is thinking there is a relation between the netfilter conntrack states and the TCP states. There is not. netfilter only cares about packet directions, not SYN flags etc.

When you accept ESTABLISHED, you SHOULD also accept RELATED. If not, some things will break.

Regards
Henrik Nordström
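
An added illustration of the states discussed in this thread (not part of the original messages and not netfilter code): a toy Python model that assigns states from packet direction and expectations only, never reading TCP flags, and compares a policy accepting only ESTABLISHED with one accepting ESTABLISHED and RELATED. The class, function names, addresses and packets are all constructed for this example.

```python
# Toy model of the states as described in the thread; not the kernel's algorithm
# (no timeouts, helpers or protocol checks). All addresses are constructed samples.
class Tracker:
    def __init__(self, expected=()):
        self.flows = {}                 # original-direction (src, dst) -> flow record
        self.expected = set(expected)   # flows a helper (e.g. FTP) would announce

    def state(self, pkt):
        key, rkey = (pkt["src"], pkt["dst"]), (pkt["dst"], pkt["src"])
        quoted = pkt.get("icmp_error_for")
        if quoted:                      # ICMP error carrying another flow's header
            known = quoted in self.flows or quoted[::-1] in self.flows
            return "RELATED" if known else "INVALID"
        if rkey in self.flows:          # traffic in the reply direction
            self.flows[rkey]["replied"] = True
            return "ESTABLISHED"
        flow = self.flows.setdefault(   # pkt["flags"] is deliberately never read
            key, {"replied": False, "first": "RELATED" if key in self.expected else "NEW"})
        return "ESTABLISHED" if flow["replied"] else flow["first"]

def run(packets, accepted, expected=()):
    """Return {name: (state, verdict)}; NEW is allowed only from the inside net."""
    t, out = Tracker(expected), {}
    for p in packets:
        s = t.state(p)
        ok = s in accepted or (s == "NEW" and p["src"].startswith("10."))
        if not ok:                      # a dropped first packet leaves no entry behind
            t.flows.pop((p["src"], p["dst"]), None)
        out[p["name"]] = (s, "ACCEPT" if ok else "DROP")
    return out

CLIENT, SERVER = "10.0.0.2:40000", "192.0.2.10:21"
DATA = ("192.0.2.10:20", "10.0.0.2:40001")    # expected active-mode FTP data channel
PACKETS = [                                   # constructed sample traffic
    {"name": "syn", "src": CLIENT, "dst": SERVER, "flags": "S"},
    {"name": "syn-ack", "src": SERVER, "dst": CLIENT, "flags": "SA"},
    {"name": "icmp-err", "src": "198.51.100.1", "dst": "10.0.0.2",
     "icmp_error_for": (CLIENT, SERVER)},
    {"name": "ftp-data", "src": DATA[0], "dst": DATA[1], "flags": "S"},
    {"name": "stray-ack", "src": "203.0.113.5:80", "dst": "10.0.0.2:5555", "flags": "A"},
]

if __name__ == "__main__":
    for accepted in ({"ESTABLISHED"}, {"ESTABLISHED", "RELATED"}):
        print(sorted(accepted), run(PACKETS, accepted, expected=[DATA]))
```

With only ESTABLISHED accepted, the ICMP error for the tracked flow and the expected secondary connection are both dropped; adding RELATED lets them through while the unrelated inbound packet is still dropped.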
