thus spoke Jozsef Kadlecsik <[EMAIL PROTECTED]> [2006.07.04.1130 +0200]:
> > is the same, meaning that the INVALID state matches all non-SYN
> > packets at this point.
>
> That's plain false: the INVALID state does not match all non-SYN packets
> at that point. It's nowhere written or stated in any decent documentation.

Let me get this straight:

  http://www.faqs.org/docs/iptables/userlandstates.html

  The INVALID state means that the packet can not be identified or
  that it does not have any state.

From what I was told, a packet that is not ESTABLISHED or RELATED,
but does not have the SYN bit set cannot be identified and thus has
no state.

I seem to recall it was actually an iptables developer who told me
that INVALID = ALL - (ESTABLISHED + RELATED + NEW).

-- 
Please do not send copies of list mail to me; I read the list!

 .''`.   martin f. krafft <[EMAIL PROTECTED]>
: :'  :  proud Debian developer and author: http://debiansystem.info
`. `'`
  `-  Debian - when you have better things to do than fixing a system

linux: because a pc is a terrible thing to waste