Re: track bandwith used

On Wednesday 30 June 2004 5:51 pm, Peter Marshall wrote:

> You could make a connection out to a remote server.  That remote server
> might try to make a connection back to us that has nothing to do with the
> reason we connected to them.

Such a connection would not be regarded as RELATED by the netfilter code.

>  But the server may see it as related and allow it.

I think you should read about netfilter's definition of RELATED.   It doesn't 
just mean "any packet which comes back from an IP address we're already 
talking to".

For example, I said that FTP data connections were RELATED to the FTP control 
connection - but that is only if you have loaded the FTP Conntrack Helper 
module, or compiled FTP Conntrack support into your kernel.   That helper is 
what RELATEs the two parts of FTP together in netfilter.

Basically, if you don't have a helper module which understands why a 
connection should be RELATED to another one, then it won't be.

Arbitrary packets from IP addresses which happen to be part of an ESTABLISHED 
connection don't count - they will be seen as NEW incoming connections, and 
make their own way through your ruleset (until they are presumably DROPped), 
having no association whatever to anything else which may be in your 
connection tracking table.

Hope this clarifies things?

Regards,

Antony.

-- 
Ramdisk is not an installation procedure.

                                                     Please reply to the list;
                                                           please don't CC me.
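A toy model of the distinction drawn above (packets from a known peer are NEW unless a helper has registered an expectation for that exact flow), added here as an illustration and not taken from the thread or from the netfilter sources; the addresses, ports and the simplified FTP helper are constructed for the example.

```python
import re

class Conntrack:
    """Toy model of how netfilter tags a packet NEW, ESTABLISHED or RELATED."""

    def __init__(self, ftp_helper=False):
        self.table = set()         # accepted connections as (src_ip, src_port, dst_ip, dst_port)
        self.expectations = set()  # (src_ip, dst_ip, dst_port) flows a helper has predicted
        self.ftp_helper = ftp_helper

    def accept(self, src_ip, src_port, dst_ip, dst_port):
        # Record a NEW connection that the ruleset let through.
        self.table.add((src_ip, src_port, dst_ip, dst_port))

    def classify(self, src_ip, src_port, dst_ip, dst_port):
        fwd = (src_ip, src_port, dst_ip, dst_port)
        rev = (dst_ip, dst_port, src_ip, src_port)
        if fwd in self.table or rev in self.table:
            return "ESTABLISHED"
        key = (src_ip, dst_ip, dst_port)
        if key in self.expectations:
            self.expectations.discard(key)  # an expectation is consumed once matched
            self.table.add(fwd)
            return "RELATED"
        # Same peer as an existing connection, but nothing predicted this flow: it is NEW.
        return "NEW"

    def ftp_control_payload(self, client_ip, server_ip, payload):
        """Simplified FTP helper: watch the control channel, register the expected data flow."""
        if not self.ftp_helper:
            return
        m = re.search(r"(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)", payload)
        if not m:
            return
        ip = ".".join(m.group(i) for i in range(1, 5))
        port = int(m.group(5)) * 256 + int(m.group(6))
        if payload.startswith("PORT"):   # active mode: server connects back to client ip:port
            self.expectations.add((server_ip, ip, port))
        elif payload.startswith("227"):  # passive mode: client connects out to server ip:port
            self.expectations.add((client_ip, ip, port))

def demo(ftp_helper):
    ct = Conntrack(ftp_helper)
    client, server = "192.0.2.10", "198.51.100.5"   # constructed sample addresses
    ct.accept(client, 40000, server, 21)              # client opened the FTP control connection
    ct.ftp_control_payload(client, server, "PORT 192,0,2,10,4,1")  # client announces port 1025
    return (ct.classify(server, 21, client, 40000),   # reply on the control channel
            ct.classify(server, 20, client, 1025),    # active-mode data connection
            ct.classify(server, 4444, client, 22))    # unrelated attempt from the same server
```

With the helper the data connection comes back RELATED; without it the very same packet is NEW, and the unrelated attempt from the same server is NEW either way.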
