On Tue, Apr 03, 2001 at 08:18:21AM +0200, Bjoern Engels wrote:
> Connection tracking doesn't use flags to determine if a connection was started from inside or outside - and this is the big advantage over ipchains. If a packet is sent out to initiate a new connection, an entry is being written to the connection table to keep track of the connection and possibly allow the reply from outside. UDP doesn't use flags either, and you can keep track of those sessions as well as icmp's.
I don't think so. According to some threads in netfilter-ml the connection tracking code currently requires a UDP packet in both directions before considering a connection to be established. Therefore how is it possible to conntrack ICMP if there are only 2 packets? Ping and reply for example?

Marco

--
Marco Ahrendt               phone : +49-341-98-474-0
adconsys AG                 fax   : +49-341-98-474-59
Karl-Liebknecht-Str. 19     email : marco.ahrendt@adconsys.de
04107 Leipzig/Germany       gnupg key at www.aktex.net/marco_work.asc
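A simplified model of the two behaviours discussed in this exchange, added here as an illustration and not code from netfilter or from either poster: a UDP entry stays NEW until a packet in the reverse direction is seen, while an ICMP echo is tracked as a request/reply pair matched on the echo identifier. The state names, the matching rule and the sample packets are assumptions of this model.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Pkt:
    proto: str   # "udp" or "icmp"
    src: str
    dst: str
    a: int       # udp: source port;  icmp: type (8 = echo request, 0 = echo reply)
    b: int       # udp: dest port;    icmp: echo identifier


class Tracker:
    """Toy stateful tracker (assumed model, not netfilter's implementation)."""

    def __init__(self):
        self.table = {}  # flow key -> state

    def handle(self, p):
        if p.proto == "udp":
            fwd = ("udp", p.src, p.a, p.dst, p.b)
            rev = ("udp", p.dst, p.b, p.src, p.a)
            if rev in self.table:            # reply seen: flow is now two-way
                self.table[rev] = "ESTABLISHED"
                return "ESTABLISHED"
            if fwd in self.table:            # repeated one-way packets stay NEW
                return self.table[fwd]
            self.table[fwd] = "NEW"          # first packet creates the entry
            return "NEW"
        if p.proto == "icmp" and p.a == 8:   # echo request opens an entry
            self.table[("icmp", p.src, p.dst, p.b)] = "NEW"
            return "NEW"
        if p.proto == "icmp" and p.a == 0:   # echo reply must match a pending request
            key = ("icmp", p.dst, p.src, p.b)
            if key in self.table:
                del self.table[key]          # the pair is complete; nothing more expected
                return "ESTABLISHED"
        return "INVALID"                     # unsolicited reply or unknown packet


# Constructed sample: a DNS-style UDP exchange followed by one ping and one stray reply.
SAMPLE = [
    Pkt("udp", "10.0.0.2", "10.0.0.1", 40000, 53),
    Pkt("udp", "10.0.0.2", "10.0.0.1", 40000, 53),   # retransmit, still one-way
    Pkt("udp", "10.0.0.1", "10.0.0.2", 53, 40000),   # reply: becomes ESTABLISHED
    Pkt("icmp", "10.0.0.2", "10.0.0.1", 8, 1234),    # echo request
    Pkt("icmp", "10.0.0.1", "10.0.0.2", 0, 1234),    # matching echo reply
    Pkt("icmp", "10.0.0.1", "10.0.0.2", 0, 1234),    # duplicate reply, no pending request
]


def trace(packets):
    t = Tracker()
    return [t.handle(p) for p in packets]
```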