Re: unexpected behaviour...?

On Thu, 2003-08-28 at 13:33, Christof Nyffenegger wrote:
>  --- Jim Carter <jimc@xxxxxxxxxxxxx> wrote:
> > Hmmm, good point.  However, I think a packet is considered to be part of an
> > established connection because it has particular header bits set, not
> > because of IP address matching in the conntrack tables.  Someone who's more
> > familiar with the sources, could you please confirm or correct this
> > statement?
No bits in the header. It is simply matching the IP addresses, protocol
and ports. If you add the TCP-Window-Tracking patch it does more.
At the moment TCP is handled just like UDP, ICMP, and generic
protocols.

If the client behind the firewall sends an ACK the connection is
automatically picked up by iptables.

Cheers,

Ralf
-- 
Ralf Spenneberg
RHCE, RHCX

Book: Intrusion Detection für Linux Server   http://www.spenneberg.com
IPsec-Howto				     http://www.ipsec-howto.org
Honeynet Project Mirror:                     http://honeynet.spenneberg.org
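The lookup Ralf describes, modelled as a small conntrack table: an entry is keyed purely on addresses, protocol and ports, and the first packet seen in either direction creates it, so a bare ACK leaving the inside is "picked up" as a connection. This is an added toy example, not netfilter code; the `require_syn` switch is an assumption that illustrates the kind of stricter behaviour a state-aware tracker adds, not a description of the TCP-Window-Tracking patch itself.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Tuple5:
    """Connection key as plain conntrack sees it: no TCP flags involved."""
    src: str
    dst: str
    proto: str
    sport: int
    dport: int

    def reverse(self) -> "Tuple5":
        # The reply direction of the same connection.
        return Tuple5(self.dst, self.src, self.proto, self.dport, self.sport)


class ConntrackTable:
    def __init__(self, require_syn: bool = False):
        # original-direction key -> whether a reply has been seen yet
        self.entries: dict[Tuple5, bool] = {}
        # Assumption for illustration: a stricter tracker only lets a SYN
        # open a new TCP entry; plain conntrack (require_syn=False) does not.
        self.require_syn = require_syn

    def classify(self, key: Tuple5, flags=frozenset()) -> str:
        if key in self.entries:
            # Original direction again: NEW until the peer has answered.
            return "ESTABLISHED" if self.entries[key] else "NEW"
        if key.reverse() in self.entries:
            # Reply direction matches an existing entry by tuple alone.
            self.entries[key.reverse()] = True
            return "ESTABLISHED"
        if self.require_syn and key.proto == "tcp" and "SYN" not in flags:
            return "INVALID"
        # Unknown tuple: create the entry, whatever the header bits say.
        self.entries[key] = False
        return "NEW"


# Constructed addresses from the documentation ranges.
CLIENT_TO_SERVER = Tuple5("192.0.2.10", "198.51.100.5", "tcp", 40000, 80)


def mid_stream_ack(require_syn: bool) -> list:
    """Inside client emits a bare ACK (no SYN), then the server answers."""
    table = ConntrackTable(require_syn)
    return [
        table.classify(CLIENT_TO_SERVER, {"ACK"}),
        table.classify(CLIENT_TO_SERVER.reverse(), {"ACK"}),
        table.classify(CLIENT_TO_SERVER, {"ACK", "PSH"}),
    ]


def full_handshake(require_syn: bool) -> list:
    """Ordinary SYN / SYN-ACK / ACK opening, accepted in both modes."""
    table = ConntrackTable(require_syn)
    return [
        table.classify(CLIENT_TO_SERVER, {"SYN"}),
        table.classify(CLIENT_TO_SERVER.reverse(), {"SYN", "ACK"}),
        table.classify(CLIENT_TO_SERVER, {"ACK"}),
    ]


if __name__ == "__main__":
    print("plain conntrack, bare ACK:", mid_stream_ack(False))
    print("strict tracker, bare ACK: ", mid_stream_ack(True))
    print("strict tracker, handshake:", full_handshake(True))
```

With `require_syn=False` the bare ACK creates the entry and the server's answer is immediately ESTABLISHED, which is the behaviour the post describes; a tracker that insists on a SYN instead leaves no entry behind, so the reply is not matched either. Any rule that accepts ESTABLISHED without also caring how the entry came to exist inherits the looser behaviour.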