Hello,

>
> Read the really-really-really-nice manpage (which has gotten so much care
> from me). I mean, hey, it's directly below --ctstate! :-)
>
>    [!] --ctproto l4proto
>        Layer-4 protocol to match (by number or name)

Hmm... so, you mean that the established connection doesn't make the difference between the different protocols, as long as those aren't specified with "--ctproto".

So, if I got an established TCP connection, I can run any other protocol (UDP, ... and in particular shim6 ;-) in any direction. And also on any port number?

Sorry, but I think that it's not clear what is stored in the state of a connection if the iptables rule doesn't specify the protocol, port number, ...

Thanks for answering, and have a nice day...

Christoph Paasch