Hi,

to figure out what Netfilter actually does, we add a rule to match incoming DNS replies for demonstrational purposes:

    iptables -I INPUT -p udp --sport 53 -m conntrack --ctstate ESTABLISHED

As one would expect, ESTABLISHED matches.

Now, after the DNS reply has been received, running `conntrack -L | grep udp` does not show the string "ESTABLISHED" at all, even if I run it within the UDP conntrack timeout. Glitch/Bug in /usr/sbin/conntrack?
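
For reading the `conntrack -L` output discussed above, here is an added example that is not part of the original post. It assumes the usual `conntrack -L` line layout, in which a state keyword column is printed only for protocols that have their own state machine (such as TCP) and an entry that has seen reply traffic is listed without the `[UNREPLIED]` flag; the sample lines and the function names are constructed for illustration.

```python
# Constructed sample of `conntrack -L` output; addresses and ports are made up.
SAMPLE = """\
udp      17 25 src=192.0.2.10 dst=192.0.2.53 sport=40123 dport=53 src=192.0.2.53 dst=192.0.2.10 sport=53 dport=40123 mark=0 use=1
udp      17 12 src=192.0.2.10 dst=192.0.2.54 sport=40124 dport=53 [UNREPLIED] src=192.0.2.54 dst=192.0.2.10 sport=53 dport=40124 mark=0 use=1
tcp      6 431999 ESTABLISHED src=192.0.2.10 dst=192.0.2.80 sport=51000 dport=443 src=192.0.2.80 dst=192.0.2.10 sport=443 dport=51000 [ASSURED] mark=0 use=1
"""


def parse_entry(line):
    """Split one `conntrack -L` line into protocol, state keyword and flags."""
    fields = line.split()
    # fields[1] is the protocol number, fields[2] the remaining timeout.
    proto, rest = fields[0], fields[3:]
    # A bare keyword right after the timeout is the protocol's own state
    # (TCP prints one); UDP entries go straight to the src=... tuple.
    first = rest[0] if rest else ""
    is_keyword = bool(first) and "=" not in first and not first.startswith("[")
    flags = {f.strip("[]") for f in rest if f.startswith("[")}
    return {
        "proto": proto,
        "proto_state": first if is_keyword else None,
        # No [UNREPLIED] flag means traffic was seen in both directions.
        "seen_reply": "UNREPLIED" not in flags,
        "assured": "ASSURED" in flags,
    }


def summarize(text):
    """Parse every non-empty line of a `conntrack -L` listing."""
    return [parse_entry(line) for line in text.splitlines() if line.strip()]


if __name__ == "__main__":
    for entry in summarize(SAMPLE):
        print(entry)
```

With real data, the text passed to `summarize()` would be the captured output of `conntrack -L`.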