On Sunday 13 March 2005 17:42, Jason Opperisano wrote:
> > Is a connection ONLY added to the state table when the first packet
> > matches a rule that contains the --state NEW directive, or can it happen
> > in some other way?
>
> connections begin getting added to the conntrack table as soon as the
> ip_conntrack module is loaded.
The ip_conntrack module adds ALL connections to the conntrack table? Even ones
where the state isn't used by the filter table?
--
Jeff Simmons jsimmons@xxxxxxxxxxxxxxx
Simmons Consulting - Network Engineering, Administration, Security
"You guys, I don't hear any noise. Are you sure you're doing it right?"
-- My Life With The Thrill Kill Kult
