Is conntrack the "memory" of iptables that allows it to make filtering decisions based on history of network traffic in and out of PC???
Imagine a private LAN PC trying to do DNS thru an SSH-only DNAT/SNAT firewall... it is the conntrack that allows ESTABLISHED/RELATED packets to bypass the rules allowing DNS to work right?

How can *ipchains* do DNS thru an SSH-only ipchains firewall since it does *not* have conntrack!!! It must have some other mechanism right? What?

Chris

--
_______________________________________
Dr. Christian Seberino
SPAWAR Systems Center San Diego
Code 2363
53560 Hull Street
San Diego, CA 92152-5001
U.S.A.
Phone: (619) 553-7940
Fax: (619) 553-2836
Email: [EMAIL PROTECTED]
_______________________________________

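As an added illustration of the "memory" the post asks about (this is example code, not part of the original message): a toy connection table that records accepted outbound flows and classifies return traffic as ESTABLISHED, beside a stateless filter that has to admit DNS replies purely by port numbers. The packets, addresses and rule sets are constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str      # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    direction: str  # "out" = LAN -> Internet, "in" = Internet -> LAN

class Conntrack:
    """Toy conntrack: remembers the 5-tuple of each accepted outbound flow."""
    def __init__(self):
        self.table = set()

    def state(self, pkt):
        """ESTABLISHED if this packet matches a remembered flow in either direction."""
        fwd = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return "ESTABLISHED" if fwd in self.table or rev in self.table else "NEW"

    def remember(self, pkt):
        self.table.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))

# Policy used by both filters: only new SSH (tcp/22) and DNS (udp/53) may leave the LAN.
ALLOWED_NEW_OUT = {("tcp", 22), ("udp", 53)}

def stateful_filter(pkt, ct):
    """iptables-style: replies pass because conntrack saw the matching outbound packet."""
    if ct.state(pkt) == "ESTABLISHED":
        return "ACCEPT"
    if pkt.direction == "out" and (pkt.proto, pkt.dport) in ALLOWED_NEW_OUT:
        ct.remember(pkt)  # the flow is now known; its replies will be ESTABLISHED
        return "ACCEPT"
    return "DROP"

def stateless_filter(pkt):
    """ipchains-style: no memory, so DNS replies must be admitted by port alone."""
    if pkt.direction == "out" and (pkt.proto, pkt.dport) in ALLOWED_NEW_OUT:
        return "ACCEPT"
    # Without state, every UDP packet from port 53 to an unprivileged port looks like a reply.
    if pkt.direction == "in" and pkt.proto == "udp" and pkt.sport == 53 and pkt.dport >= 1024:
        return "ACCEPT"
    return "DROP"

def demo():
    """Constructed traffic: a real query, its reply, and an unsolicited 'reply' from elsewhere."""
    ct = Conntrack()
    query = Packet("udp", "192.168.1.10", 40000, "192.0.2.53", 53, "out")
    reply = Packet("udp", "192.0.2.53", 53, "192.168.1.10", 40000, "in")
    unsolicited = Packet("udp", "203.0.113.7", 53, "192.168.1.10", 40001, "in")
    return {"stateful": [stateful_filter(p, ct) for p in (query, reply, unsolicited)],
            "stateless": [stateless_filter(p) for p in (query, reply, unsolicited)]}
```

The stateful filter admits only the reply it has a remembered query for and drops the unsolicited packet; the stateless port-based rule cannot tell the two apart.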