It seems that the state monitoring (-m state --state ....) is valid in various tables and chains. My question is: does it make any difference?

Say I need to monitor all the traffic that is started from an application, even if it is using dynamic ports. Where do I put the state monitoring: PREROUTING, FORWARD or others?

For example, assuming an FTP packet is entering eth1 and gets DNAT-ed to an internal server 192.168.0.99 at PREROUTING and then gets forwarded at the FORWARD chain, is there any difference between these:

    iptables -t nat -I PREROUTING -p tcp --dport 21 -m state --state NEW,ESTABLISHED,RELATED
    iptables -I FORWARD -p tcp --dport 21 -m state --state NEW,ESTABLISHED,RELATED