On Friday 23 January 2004 6:14 pm, Rodre Ghorashi-Zadeh wrote:

> If ipt_conntrack does the state matching then what does the ipt_state
> module do?

Indeed - a good question.

To quote from the comments at the top of ipt_state.c and ipt_conntrack.c:

(ipt_state.c)
/* Kernel module to match connection tracking information.
 * GPL (C) 1999 Rusty Russell (rusty@xxxxxxxxxxxxxxx).

(ipt_conntrack.c)
/* Kernel module to match connection tracking information.
 * Superset of Rusty's minimalistic state match.
 * GPL (C) 2001 Marc Boucher (marc@xxxxxxx).

So, the answer is that they are both connection tracking state matches, but
ipt_conntrack claims to be a more comprehensive one.

To find out more I suggest you look at the source code of each, or ask on the
developers' list. - Unless anyone else around here can give a good answer to
this???

Regards,

Antony.

--
In science, one tries to tell people in such a way as to be understood by
everyone something that no-one ever knew before.

In poetry, it is the exact opposite.

 - Paul Dirac

Please reply to the list; please don't CC me.