Sorry to bother anyone, but I'm new to iptables, and I'm debugging a working production machine, so I can't really test things too much. :-(

Is a connection ONLY added to the state table when the first packet matches a rule that contains the --state NEW directive, or can it happen in some other way?

When --state INVALID is matched, is it done only on the source and destination addresses and ports, or is something else also involved?

Are NAT 'states' available for examination anywhere, like /proc/net/ip_conntrack?

Thanks for any assistance.

--
Jeff Simmons    jsimmons@xxxxxxxxxxxxxxx
Simmons Consulting - Network Engineering, Administration, Security

"You guys, I don't hear any noise. Are you sure you're doing it right?"
    -- My Life With The Thrill Kill Kult