Hello,
I was hoping that someone could tell me the difference between these two modules and what they are each used for. Thanks in advance.
ip_conntrack does connection tracking for various protocols, placing entries in the conntrack table and recognising "related" packets etc.
ipt_conntrack is the connection tracking state match, which allows you to write rules matching the state of a connection, e.g.:
iptables -I FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
Regards,
Antony.
-- Anything that improbable is effectively impossible.
- Murray Gell-Mann, Nobel Prizewinner in Physics
Please reply to the list;
please don't CC me.
Hello Anthony,
Thanks for your response.
If ipt_conntrack does the state matching, then what does the ipt_state module do? All of the rules I have for my firewalls track state, so the ipt_state module gets loaded automatically with the firewall startup script, but ipt_conntrack doesn't; I would have to load it manually if I needed it (or write rules that use it, perhaps?). As far as I can tell, the state matching is working on my firewall. I really need to get to the bottom of this so I can rule it out on my https://lists.netfilter.org/pipermail/netfilter/2004-January/050005.html problem. Also, is the source file for the ip_conntrack module named ip_conntrack_core.c? Thanks again for all your help.
®odre