On Sat, 2004-07-24 at 05:16, Chris Brenton wrote:
> The problem is a majority of the time check would end up reporting "it
> depends". For example what if you try and check what would happen to "a
> packet coming from the Internet to an internal system from 22/TCP to an
> upper port number, with the ACK flag set and "foo" in the payload. You
> may not have a rule that specifically lets this traffic through, but it
> might actually pass if it ends up being a state match due to an initial
> outbound SYN packet. So how iptables would handle this packet "depends"
> on what traffic went by prior to it.

I'm not sure how that affects the ability to report what it would do
with a packet "right now" and why, or the user's need for this report
when trying to debug a problem. I have a situation where I can see
strange results with tcpdump and would like to know what combination
of rules is causing it.

---
Les Mikesell
les@xxxxxxxxxxxxxxxx
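The point raised in the quoted text, that the verdict for an inbound 22/TCP ACK packet depends on whether an outbound SYN went by earlier, and the reply's wish for a "what would it do right now, and why" report, can both be shown with a small model. The following is an added example written for this page, not code from the thread or from iptables itself; it assumes a simplified connection table (a set of 4-tuples, no timeouts or RELATED handling), two iptables-style rules (accept ESTABLISHED, accept outbound NEW SYN) in front of a DROP policy, and constructed addresses from the documentation ranges.

```python
"""Toy model of iptables-style stateful filtering (added example, not the
project's code).  It shows that the same packet can be dropped or accepted
depending on prior traffic, and returns the rule that produced the verdict."""
from dataclasses import dataclass
from typing import Callable, Set, Tuple

FourTuple = Tuple[str, int, str, int]


@dataclass(frozen=True)
class Packet:
    direction: str        # "in" = from the Internet, "out" = from the LAN
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset      # TCP flags present, e.g. frozenset({"SYN"})


@dataclass
class Rule:
    name: str
    verdict: str          # "ACCEPT" or "DROP"
    match: Callable[["Packet", "StatefulFirewall"], bool]


class StatefulFirewall:
    def __init__(self, rules, policy="DROP"):
        self.rules = list(rules)
        self.policy = policy
        # Simplified conntrack: 4-tuple of the first packet of each accepted flow.
        self.conntrack: Set[FourTuple] = set()

    def state_of(self, pkt: Packet) -> str:
        """NEW unless the packet belongs to a flow already in the table
        (in either direction), in which case it is ESTABLISHED."""
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if fwd in self.conntrack or rev in self.conntrack:
            return "ESTABLISHED"
        return "NEW"

    def evaluate(self, pkt: Packet) -> Tuple[str, str]:
        """The 'right now and why' report: first matching rule and its verdict,
        without touching state."""
        for rule in self.rules:
            if rule.match(pkt, self):
                return rule.name, rule.verdict
        return "policy", self.policy

    def process(self, pkt: Packet) -> Tuple[str, str]:
        """Apply the verdict and, like conntrack, remember accepted NEW flows."""
        name, verdict = self.evaluate(pkt)
        if verdict == "ACCEPT" and self.state_of(pkt) == "NEW":
            self.conntrack.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return name, verdict


def build_firewall() -> StatefulFirewall:
    """Two rules in the usual order, then the chain's DROP policy."""
    rules = [
        Rule("established", "ACCEPT",
             lambda p, fw: fw.state_of(p) == "ESTABLISHED"),
        Rule("outbound-new", "ACCEPT",
             lambda p, fw: p.direction == "out" and "SYN" in p.flags
             and fw.state_of(p) == "NEW"),
    ]
    return StatefulFirewall(rules)


def demo() -> Tuple[Tuple[str, str], Tuple[str, str]]:
    """Evaluate the quoted text's packet (22/TCP -> high port, ACK set) before and
    after the outbound SYN that would make it a state match."""
    fw = build_firewall()
    # Constructed sample traffic using documentation address ranges.
    reply = Packet("in", "203.0.113.5", 22, "192.0.2.10", 40000, frozenset({"ACK"}))
    before = fw.evaluate(reply)                  # no prior traffic: hits the policy
    syn = Packet("out", "192.0.2.10", 40000, "203.0.113.5", 22, frozenset({"SYN"}))
    fw.process(syn)                              # LAN host opens the SSH session
    after = fw.evaluate(reply)                   # same packet, now ESTABLISHED
    return before, after


if __name__ == "__main__":
    print(demo())   # (('policy', 'DROP'), ('established', 'ACCEPT'))
```

The two `evaluate` results for an identical packet are the "it depends" from the quoted text; the rule name each returns is the "why" the reply asks for. On a real box the closest equivalents are the per-rule packet counters from `iptables -L -v -n` and a `LOG` rule placed just before the rule under suspicion, read alongside the tcpdump capture.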