in the LARTC-HowTo is an example given for matching packets with the ACK-bit set.
Does "IP Total length 0x34 (ACK + 12 bytes of TCP options)" (from the HowTo) mean that you are just matching Packets with an ACK set but without any data? If I am right, this would mean that just Forward-Acknowledgements are matched, isn't it?
What about matching ACKs with iptables, is it possible to mark Packets with ACK set but without data?
bye, Hannes
