Hi Pablo,

I can understand that the ctinfo is IP_CT_RELATED_REPLY when rejecting with ICMP, because the ICMP reply does not belong to the original conntrack. But why is it IP_CT_RELATED_REPLY too when rejecting with TCP RST? The RST reply should belong to the original conntrack.

Is it expected or a bug? If it is a bug, I could try to fix it.

Regards
Feng