On Sun, 2005-03-13 at 21:09, Jeff Simmons wrote: > The ip_conntrack module adds ALL connections to the conntrack table? Even ones > where the state isn't used by the filter table? yes. unless you have compiled in support for the raw table and use the NOTRACK target to disable connection tracking for specific connections. the "-m state --state X" match is just a match, not a directive to do anything. -j -- "Call this an unfair generalization if you must, but old people are no good at everything." --The Simpsons
