On September 28, 2004 10:48 am, Mohamed Eldesoky wrote:
> Well, I want to make sure that it remembers only connections that
> pass THROUGH it !!

Are you saying you don't want to track local connections?
This file keeps track of anything that *_conntrack_* would watch.
As far as I know this includes local connections -- If you are accepting any connections locally, they are very likely in this table.

I've seen at least one discussion about breaking this up into different files. That gets messy very quickly from a code point of view, as well as from a logic point of view. I certainly prefer the idea of having one place to track connections.

Alistair Tonner

>
> On 28 Sep 2004 16:27:53 +0200, Jose Maria Lopez <jkerouac@xxxxxxxxx> wrote:
> > On Tue, 28 Sep 2004 at 09:59, Mohamed Eldesoky wrote:
> > > But still,
> > > The /proc/net/ip_conntrack should contain all connections tracked by
> > > that firewall (ie, passing through the firewall), am I right ??
> >
> > Yes, and it will remember the connections made for a time. It's
> > a list of all the connections the conntrack system has seen, and
> > it's used to check the established and related connections.
> >
> >
> >
> > --
> > Jose Maria Lopez Hernandez
> > Technical Director, bgSEC
> > jkerouac@xxxxxxxxx
> > bgSEC Seguridad y Consultoria de Sistemas Informaticos
> > http://www.bgsec.com
> > SPAIN
> >
> > The only people for me are the mad ones -- the ones who are mad to live,
> > mad to talk, mad to be saved, desirous of everything at the same time,
> > the ones who never yawn or say a commonplace thing, but burn, burn, burn
> > like fabulous yellow Roman candles.
> > -- Jack Kerouac, "On the Road"
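Added example, not part of the thread: because local and forwarded connections share the one table, a reader of /proc/net/ip_conntrack has to separate them after the fact. This sketch does so by comparing the true endpoints (the src of the original tuple and the src of the reply tuple, which survive NAT) with the firewall's own addresses. The sample lines, LOCAL_ADDRS and the function names are constructed for illustration, and the layout assumed is an original tuple followed by a reply tuple.

```python
import re

# Constructed sample lines in the /proc/net/ip_conntrack layout (not real captures).
SAMPLE = """\
tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=203.0.113.7 sport=34567 dport=80 src=203.0.113.7 dst=198.51.100.1 sport=80 dport=34567 [ASSURED] use=1
tcp      6 117 TIME_WAIT src=192.168.1.20 dst=192.168.1.1 sport=40022 dport=22 src=192.168.1.1 dst=192.168.1.20 sport=22 dport=40022 [ASSURED] use=1
udp      17 25 src=198.51.100.1 dst=203.0.113.53 sport=1030 dport=53 [UNREPLIED] src=203.0.113.53 dst=198.51.100.1 sport=53 dport=1030 use=1
tcp      6 300 ESTABLISHED src=203.0.113.9 dst=198.51.100.1 sport=5555 dport=80 src=192.168.1.10 dst=203.0.113.9 sport=80 dport=5555 [ASSURED] use=1
"""

# Assumption: every address owned by the firewall itself.
LOCAL_ADDRS = {"127.0.0.1", "192.168.1.1", "198.51.100.1"}

PAIR = re.compile(r"\b(src|dst|sport|dport)=(\S+)")

def parse_entry(line):
    """Return proto plus the original and reply tuples, or None if malformed."""
    tuples = []
    for key, value in PAIR.findall(line):
        if key == "src":              # each src= opens a new tuple
            tuples.append({})
        if tuples:
            tuples[-1][key] = value
    if len(tuples) != 2:
        return None
    return {"proto": line.split()[0], "orig": tuples[0], "reply": tuples[1]}

def classify_entry(entry, local_addrs):
    """local-out / local-in / forwarded, judged on the real endpoints."""
    initiator = entry["orig"]["src"]   # who opened the connection
    responder = entry["reply"]["src"]  # who answers, after any DNAT
    if initiator in local_addrs:
        return "local-out"
    if responder in local_addrs:
        return "local-in"
    return "forwarded"

def classify(text, local_addrs):
    """Classify every parsable line; returns (proto, initiator, responder, kind)."""
    out = []
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry:
            out.append((entry["proto"], entry["orig"]["src"],
                        entry["reply"]["src"], classify_entry(entry, local_addrs)))
    return out

if __name__ == "__main__":
    for row in classify(SAMPLE, LOCAL_ADDRS):
        print(*row)
```

The fourth sample line is a port-forward: its original dst is the firewall's address, but the reply tuple shows an internal host answering, so it counts as forwarded.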