On Friday 19 April 2002 2:39 pm, Ramin Alidousti wrote:

> Is it not because of the NEW state in the second and third rule?
> Once the first rule matches then the conntrack entry gets created
> for that connection which makes it an ESTABLISHED for the second
> and third rule.

Surely a NEW connection can only become ESTABLISHED after the first packet has been ACCEPTed, and the next packet/s come along in the TCP three-way handshake?

If a "-j LOG" rule could turn a NEW connection into an ESTABLISHED one, then a lot of the stuff I drop after logging it would appear to be ESTABLISHED - not at all what I want!

Antony.
