state NEW

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

hi,

i have the following forwarding rule

$IPT -A FORWARD -i $INT -o $EXT -m state --state NEW,ESTABLISHED,RELATED -j
QUEUE
$IPT -A FORWARD -i $EXT -o $INT -m state --state ESTABLISHED,RELATED     -j
ACCEPT

if i send an ACK with hping from INT to EXT it reaches the target system

if i do

$IPT -A FORWARD -i $INT -o $EXT -m state --state NEW -j ACCEPTLOG
$IPT -A FORWARD -i $EXT -o $INT -m state --state ESTABLISHED,RELATED-j
ACCEPT

i can see the following

Nov 19 12:05:20 snolin kernel: ACPT IN=eth0 OUT=ppp0 SRC=1.1.1.1 DST=2.2.2.2
LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=12368 PROTO=TCP SPT=2618 DPT=63
WINDOW=512 RES=0x00 ACK URGP=0

did i have a false understanding from NEW or whats wrong

thx for help
jo
[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux