> connection track(Iptables) and stateful > inspection(Check Point Firewall) is same??? > I think: > connection track is only "track", can not filter. > stateful inspection can filter according to the packet > information. Is that correct? what is the difference between > connection track and stateful inspection??? I think you misunderstood something ; iptables is the userspace program for Netfilter. As in NetFILTER. Which means it is able to filter. That's why there are 3 tables with filter being the default table. You can filter just fine using iptables. And you can make it stateful by using the conntrack modules. Gr, Rob
