Yes . . . the following is excerpted from the IPTables Tutorial:

"All of the connection tracking is done by special framework within the kernel called conntrack. Most of the time, we need and want more specific connection tracking than the default conntrack engine can maintain. Because of this, there are also more specific parts of conntrack that handles the TCP, UDP or ICMP protocols among others. These modules grabs specific, unique, information from the packets, so that they may keep track of each stream of data. The information that conntrack gathers is then used to tell conntrack in which state the stream is currently in. For example, UDP streams are, generally, uniquely identified by their destination IP address, source IP address, destination port and source port."

-----Original Message-----
From: netfilter-admin@xxxxxxxxxxxxxxxxxxx [mailto:netfilter-admin@xxxxxxxxxxxxxxxxxxx]On Behalf Of Josh.Berry@xxxxxxxxxxxx
Sent: Friday, August 29, 2003 7:39 AM
To: netfilter@xxxxxxxxxxxxxxxxxxx
Subject: IPTables State Tracking

Does IPTables track virtual state of ICMP and UDP packets? I know that UDP and ICMP are not stateful connections, but does IPTables perform pseudo-stateful tracking of these connections such as some other firewalls that basically timeout UDP/ICMP connections after a specific time?

Thanks,
Josh Berry
Information Security Group
972-856-5402
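
The pseudo-state described in the quoted tutorial passage, as a small Python model added here (it is not part of the original thread and is not netfilter code): UDP flows are keyed by the source/destination address and port tuple, a reply is matched by the inverted tuple, and entries expire after a timeout. The class name, timeout values and addresses are constructed for illustration; real timeouts are kernel tunables.

```python
# Toy model of conntrack-style pseudo-state for UDP (added example, not kernel code).
from dataclasses import dataclass

# Assumed timeouts in seconds, for illustration only; real values are kernel tunables.
UNREPLIED_TIMEOUT = 30
REPLIED_TIMEOUT = 180


@dataclass
class Entry:
    replied: bool
    expires: float


class UdpTracker:
    def __init__(self):
        # Key: (src_ip, src_port, dst_ip, dst_port) of the flow's original direction.
        self.table = {}

    def _expire(self, now):
        for key in [k for k, e in self.table.items() if e.expires <= now]:
            del self.table[key]

    def classify(self, src, sport, dst, dport, now):
        """Return 'NEW' or 'ESTABLISHED' for one datagram seen at time `now`."""
        self._expire(now)
        orig = (src, sport, dst, dport)
        reply = (dst, dport, src, sport)  # same flow seen from the other side
        if reply in self.table:
            entry = self.table[reply]
            entry.replied = True
            entry.expires = now + REPLIED_TIMEOUT
            return "ESTABLISHED"
        if orig in self.table:
            entry = self.table[orig]
            entry.expires = now + (REPLIED_TIMEOUT if entry.replied else UNREPLIED_TIMEOUT)
            # In this model a flow is ESTABLISHED only after traffic was seen both ways.
            return "ESTABLISHED" if entry.replied else "NEW"
        self.table[orig] = Entry(replied=False, expires=now + UNREPLIED_TIMEOUT)
        return "NEW"


def demo():
    """Constructed DNS-like exchange: query, reply, follow-up, late reply after expiry."""
    t = UdpTracker()
    client, server = ("192.0.2.10", 40000), ("198.51.100.53", 53)
    return [
        t.classify(*client, *server, now=0),    # outbound query creates the entry
        t.classify(*server, *client, now=1),    # reply matches the inverted tuple
        t.classify(*client, *server, now=100),  # replied flow, timer refreshed to 280
        t.classify(*server, *client, now=400),  # entry expired, treated as a new flow
    ]
```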