Re: track bandwith used


 



Yes it does.  Thank you very much.  I have been looking for an explanation like that on the net. :)

Do you have a link to where this netfilter documentation is ?

Peter

----- Original Message ----- 
From: "Antony Stone" <Antony@xxxxxxxxxxxxxxxxxxxx>
To: "netfilter" <netfilter@xxxxxxxxxxxxxxxxxxx>
Sent: Wednesday, June 30, 2004 2:07 PM
Subject: Re: track bandwith used


On Wednesday 30 June 2004 5:51 pm, Peter Marshall wrote:

> You could make a connection out to a remote server.  That remote server
> might try to make a connection back to us that has nothing to do with the
> reason we connected to them.

Such a connection would not be regarded as RELATED by the netfilter code.

>  But the server may see it as related and allow it.

I think you should read about netfilter's definition of RELATED.   It doesn't
just mean "any packet which comes back from an IP address we're already talking to".

For example, I said that FTP data connections were RELATED to the FTP control
connection - but that is only if you have loaded the FTP Conntrack Helper
module, or compiled FTP Conntrack support into your kernel.   That helper is
what RELATEs the two parts of FTP together in netfilter.

Basically, if you don't have a helper module which understands why a
connection should be RELATED to another one, then it won't be.

Arbitrary packets from IP addresses which happen to be part of an ESTABLISHED
connection don't count - they will be seen as NEW incoming connections, and
make their own way through your ruleset (until they are presumably DROPped),
having no association whatever to anything else which may be in your
connection tracking table.

Hope this clarifies things?

Regards,

Antony.

-- 
Ramdisk is not an installation procedure.

Please reply to the list; please don't CC me.
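The distinction Antony draws above (a flow is RELATED only because a conntrack helper registered an expectation for it; any other packet from a peer you are already talking to is simply NEW) as an added, deliberately simplified Python model of conntrack state classification. This is example code written for illustration, not the netfilter implementation and not from this thread; the addresses, ports, the single FTP helper on port 21 and the active-mode PORT handling are constructed assumptions.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Pkt:                      # constructed TCP packet summary
    src: str
    sport: int
    dst: str
    dport: int
    payload: str = ""

@dataclass
class Conntrack:
    flows: set = field(default_factory=set)         # original-direction 4-tuples
    expectations: set = field(default_factory=set)  # (src, dst, dport) a helper expects
    helpers: dict = field(default_factory=dict)     # control port -> helper callable

def ftp_helper(ct, pkt):
    """Simplified FTP helper: a PORT command on the control channel registers
    an expectation for the server's data connection back to the client."""
    if pkt.payload.startswith("PORT "):
        h1, h2, h3, h4, p1, p2 = (int(x) for x in pkt.payload[5:].split(","))
        ct.expectations.add((pkt.dst, f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2))

def classify(ct, pkt):
    # Return the state conntrack would assign to this packet: NEW, ESTABLISHED or RELATED.
    fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
    rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
    if fwd in ct.flows or rev in ct.flows:
        if pkt.dport in ct.helpers:              # helper only inspects its control channel
            ct.helpers[pkt.dport](ct, pkt)
        return "ESTABLISHED"
    exp = (pkt.src, pkt.dst, pkt.dport)
    if exp in ct.expectations:                   # only a helper expectation makes RELATED
        ct.expectations.discard(exp)
        ct.flows.add(fwd)
        return "RELATED"
    ct.flows.add(fwd)                            # known peer IP or not, this is NEW
    return "NEW"

def demo(load_ftp_helper):
    # One active-mode FTP session plus an unrelated probe from the same server IP.
    ct = Conntrack(helpers={21: ftp_helper} if load_ftp_helper else {})
    client, server = "192.0.2.10", "198.51.100.5"   # constructed addresses
    return [
        classify(ct, Pkt(client, 40000, server, 21)),                       # NEW
        classify(ct, Pkt(server, 21, client, 40000)),                       # ESTABLISHED
        classify(ct, Pkt(client, 40000, server, 21, "PORT 192,0,2,10,156,65")),  # ESTABLISHED
        classify(ct, Pkt(server, 20, client, 40001)),   # RELATED only if the helper is loaded
        classify(ct, Pkt(server, 12345, client, 22)),   # NEW even though the server IP is known
    ]

if __name__ == "__main__":
    print("with helper:   ", demo(True))
    print("without helper:", demo(False))
```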



