ip connection tracking is what it says and using rules like $IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT makes the existing connections automatically excepted, like an SSH connection will continue to work after the first SYN is accepted as the connection would be established and ip_conntrack will keep a record of the connection while it's still up. Without ip_conntrack, the --state module would not work... correct me if I'm wrong guys.. ;) Thanks, ____________________________________________ George Vieira Systems Manager georgev@xxxxxxxxxxxxxxxxxxxxxx Citadel Computer Systems Pty Ltd http://www.citadelcomputer.com.au -----Original Message----- From: netfilter_user [mailto:netfilter_user@xxxxx] Sent: Thursday, May 22, 2003 6:18 AM To: netfilter@xxxxxxxxxxxxxxxxxxx Subject: ip_conntrack Hello everyone, I have got very simply and basic quastion. What ip_cpnntrack and ip_cpnntrack_ftp realy do? Tracking connection or something more? -- Best regards, mailto:netfilter_user@xxxxx
