On Tuesday 27 July 2004 8:20 am, Ashutosh wrote:
> > No. AFAIK the connection tracking in netfilter checks only src+dst
> > IP+port, nothing else.
>
> .. And the Protocol

Er, well, yes. I kind of took this bit for granted, but you're correct; a conntrack entry for a TCP connection between a.b.c.d:e and v.w.x.y:z will not match UDP packets on the same IPs and ports :)

Also, conntrack entries take care of non-TCP/UDP connections (e.g. ICMP, ESP) which do not have port numbers, therefore src+dst IP (and protocol) are the only things matched here.

Regards,

Antony.

--
Normal people think "If it ain't broke, don't fix it".
Engineers think "If it ain't broke, it doesn't have enough features yet".

Please reply to the list; please don't CC me.
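The matching rule the thread settles on (protocol plus source and destination IP, plus the two ports for TCP and UDP, no ports for ICMP or ESP) can be modelled as a keyed lookup. The following is an added toy model written for this page, not netfilter code and not something from the thread; the packet records, addresses and port numbers are constructed, and the `Packet`, `ConntrackTable` and `demo` names are the example's own. It shows why a TCP entry does not match a UDP packet on the same endpoints, how a reply packet maps back onto the same entry, and how a portless protocol is keyed on IPs and protocol only, as the thread describes.

```python
"""Toy model of the netfilter conntrack tuple lookup discussed in the thread.

Constructed example: the tuple layout follows the thread's description
(protocol + src/dst IP, plus ports only for TCP/UDP). It is not netfilter code.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Protocols the thread names as having no port numbers.
PORTLESS = {"icmp", "esp"}


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    sport: Optional[int] = None
    dport: Optional[int] = None


def original_tuple(pkt: Packet) -> Tuple:
    """Key a packet the way the thread describes conntrack doing it."""
    if pkt.proto in PORTLESS:
        # No ports: only protocol and the two IPs take part in the match.
        return (pkt.proto, pkt.src, None, pkt.dst, None)
    return (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)


def reply_tuple(key: Tuple) -> Tuple:
    """Swap endpoints so a packet in the reply direction finds the same entry."""
    proto, src, sport, dst, dport = key
    return (proto, dst, dport, src, sport)


class ConntrackTable:
    """Minimal table: each entry is indexed under its original and reply tuples."""

    def __init__(self) -> None:
        self._index: Dict[Tuple, Tuple[int, str]] = {}  # tuple -> (entry id, direction)
        self._seen_reply: Dict[int, bool] = {}           # entry id -> reply seen yet?
        self._next_id = 0

    def classify(self, pkt: Packet) -> Tuple[str, int, str]:
        """Return (state, entry_id, direction); a miss creates a NEW entry.

        Mirrors the iptables view: NEW until a packet in the reply direction
        has been seen, ESTABLISHED afterwards.
        """
        key = original_tuple(pkt)
        hit = self._index.get(key)
        if hit is None:
            eid = self._next_id
            self._next_id += 1
            self._index[key] = (eid, "ORIGINAL")
            self._index[reply_tuple(key)] = (eid, "REPLY")
            self._seen_reply[eid] = False
            return ("NEW", eid, "ORIGINAL")
        eid, direction = hit
        if direction == "REPLY":
            self._seen_reply[eid] = True
        state = "ESTABLISHED" if self._seen_reply[eid] else "NEW"
        return (state, eid, direction)


def demo() -> Dict[str, Tuple[str, int, str]]:
    """Run the constructed packet sequence from the thread's discussion."""
    ct = ConntrackTable()
    # Constructed addresses (RFC 5737 documentation range and a private address).
    syn = Packet("tcp", "10.0.0.5", "192.0.2.10", 40000, 80)
    synack = Packet("tcp", "192.0.2.10", "10.0.0.5", 80, 40000)
    udp_same = Packet("udp", "10.0.0.5", "192.0.2.10", 40000, 80)  # same IPs+ports, other proto
    echo = Packet("icmp", "10.0.0.5", "192.0.2.10")                # portless
    echo_reply = Packet("icmp", "192.0.2.10", "10.0.0.5")
    return {
        "tcp_syn": ct.classify(syn),             # ('NEW', 0, 'ORIGINAL')
        "tcp_synack": ct.classify(synack),       # ('ESTABLISHED', 0, 'REPLY')
        "udp_same_ports": ct.classify(udp_same), # ('NEW', 1, 'ORIGINAL'): TCP entry does not match UDP
        "icmp_echo": ct.classify(echo),          # ('NEW', 2, 'ORIGINAL')
        "icmp_reply": ct.classify(echo_reply),   # ('ESTABLISHED', 2, 'REPLY')
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:16s} -> {result}")
```

The UDP packet with identical addresses and ports lands in a separate entry because the protocol is part of the key, which is exactly the point Ashutosh raised. For ICMP the model keeps the thread's simplification (IPs and protocol only); the real Linux implementation additionally folds the ICMP type, code and identifier into the tuple so that concurrent echo exchanges between the same two hosts are tracked separately.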