On Fri, Jan 23, 2004 at 07:48:22PM +0000, Antony Stone told us: > > - Unless anyone else around here can give a good answer to this??? Hmmm...don't know if this is a good answer ;-) The state match "just" allows you to match the well known states NEW, ESTABLISHED, RELATED and INVALID. The conntrack match gives you some more insight on the information, e.g. you have additional states SNAT and DNAT, or you can match by original source or dest address, or use the in-kernel conntrack's internal states (ASSURED...). Never needed this myself, just looked it up in the iptables(8) manpage. > > Regards, > HTH Sven -- Linux zion 2.6.1 #2 Mon Jan 12 14:25:44 CET 2004 i686 athlon i386 GNU/Linux 00:08:24 up 11 days, 5:39, 3 users, load average: 0.00, 0.02, 0.00
Attachment:
pgp00736.pgp
Description: PGP signature
