Le mar 17/06/2003 à 01:34, John Sage a écrit : > From man 8 iptables, and the Linux 2.4 Packet Filtering HOWTO: > "--state [state] > Where state is a comma separated list of the connection states > to match..." > "Specifying `-m state' allows an additional `--state' option, which is > a comma-separated list of states to match (the `!' flag indicates not > to match those states). These states are..." > Is this comma-separated list creating a series of AND's or OR's? OR > Thus -m state --state INVALID,NEW is > INVALID AND NEW > or > INVALID OR NEW? INVALID OR NEW A packet has only one state at time. So, AND does not make sens at all. -- Cédric Blancher <blancher@xxxxxxxxxxxxxxxxxx> Consultant en sécurité des systèmes et réseaux - Cartel Sécurité Tél: +33 (0)1 44 06 97 87 - Fax: +33 (0)1 44 06 97 99 PGP KeyID:157E98EE FingerPrint:FA62226DA9E72FA8AECAA240008B480E157E98EE
