On Sat, 2003-10-11 at 12:26, Cedric Blancher wrote: > I agree. > To me, theses two rulesets are equivalent for HTTP packets, but first > one implies one more rule evaluation than the second one for ESTABLISHED > packets that are destined to TCP/80. > > PS : there's no RELATED packets in HTTP ;) Not precisely true - there are ICMP messages that may arrive in response to HTTP requests that are RELATED. j
