Re: icmp messages to spoofed address accepted by -m conntrack --ctstate

Hi,

Well, yes, but my question is not whether
someone is spoofing my ip, but whether
the iptables connection tracking code
should match the icmp packet if there
was no packet sent out.

Will someone explain whether the
match is the expected behavior of this rule,
or if this match is a misuse of the conntrack
module by me.

Or is this possibly a bug in connection tracking?

What is this icmp packet related to?
What established connection does it match?
Could this rule match other protocols?
Could this be a risk?

If it is a bug,
or if no one knows,
I will report it.

I am grateful for the effort that the developers
have put into creating and maintaining iptables,
and I am simply trying to do my part to help
with the maintenance.

By the way, Antony, thanks for the jokes.
I have been trying to recall that last one
for years. It never gets old, only I do.

Jim Laurino

