I believe that a UDP packet that passes through the filters opens a 30 second window for replies. If a reply comes this is considered to be a conversation and the window is extended to 180 seconds. I think the window is extended as long as the conversation continues.

For ICMP I believe only types echo, timestamp, info request, and address can open a 30 second window for a single reply. The window is closed when a reply is received.

This is from netfilter Red Hat 8, kernel 2.4.18. Someone who has actually worked on the code may know better.

jim mullens

-----Original Message-----
From: netfilter-admin@xxxxxxxxxxxxxxxxxxx [mailto:netfilter-admin@xxxxxxxxxxxxxxxxxxx] On Behalf Of Josh.Berry@xxxxxxxxxxxx
Sent: Friday, August 29, 2003 10:39
To: netfilter@xxxxxxxxxxxxxxxxxxx
Subject: IPTables State Tracking

Does IPTables track virtual state of ICMP and UDP packets? I know that UDP and ICMP are not stateful connections, but does IPTables perform pseudo-stateful tracking of these connections such as some other firewalls that basically timeout UDP/ICMP connections after a specific time?

Thanks,
Josh Berry
Information Security Group
972-856-5402
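The UDP and ICMP reply windows described in the reply at the top of this thread, written out as a small model. This is an added example, not netfilter code and not from either poster; the class name `WindowTable`, its method names, and the choice to treat a packet arriving exactly at the expiry second as too late are assumptions made for illustration.

```python
# Added illustration: a model of the windows described in the reply, not netfilter code.
UDP_UNREPLIED, UDP_CONVERSATION, ICMP_WINDOW = 30, 180, 30  # seconds, from the reply
# ICMP request type -> reply type: echo, timestamp, info request, address mask
ICMP_REPLY_FOR = {8: 0, 13: 14, 15: 16, 17: 18}


class WindowTable:
    """Hypothetical tracking table keyed by flow; times are plain seconds."""

    def __init__(self):
        self.entries = {}  # key -> {"expires": t, "replied": bool}

    def _lookup(self, key, now):
        entry = self.entries.get(key)
        if entry and now >= entry["expires"]:
            del self.entries[key]  # window ran out, forget the flow
            return None
        return entry

    def udp_out(self, local, remote, now):
        """Outbound UDP datagram that the filter rules allowed."""
        key = ("udp", local, remote)
        entry = self._lookup(key, now) or {"replied": False}
        window = UDP_CONVERSATION if entry["replied"] else UDP_UNREPLIED
        entry["expires"] = now + window
        self.entries[key] = entry

    def udp_in(self, remote, local, now):
        """Inbound UDP datagram: True only if it lands inside an open window."""
        entry = self._lookup(("udp", local, remote), now)
        if entry is None:
            return False
        entry["replied"] = True  # now a conversation, so use the longer window
        entry["expires"] = now + UDP_CONVERSATION
        return True

    def icmp_out(self, local, remote, icmp_type, now):
        """Only the four request types open a window, for one matching reply."""
        if icmp_type in ICMP_REPLY_FOR:
            key = ("icmp", local, remote, ICMP_REPLY_FOR[icmp_type])
            self.entries[key] = {"expires": now + ICMP_WINDOW, "replied": False}

    def icmp_in(self, remote, local, icmp_type, now):
        """Inbound ICMP: accepted once, then the window is closed."""
        key = ("icmp", local, remote, icmp_type)
        if self._lookup(key, now) is None:
            return False
        del self.entries[key]
        return True
```

With an outbound datagram at t=0, `udp_in` returns True at t=29 and again at t=200 because the first reply moved the flow to the 180 second window, while a first reply at t=30 returns False. A second echo reply to a single echo request returns False because the ICMP window closes on the first one.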