If you have nothing against ip_conntrack, use -m state --state NEW and accepts those connections On 5/4/05, Eric Leblond <eric@xxxxxx> wrote: > Hi, > > I'm trying to match the first packet of a connection : for a TCP > connection I want to match the first SYN packet received by the firewall > and ignore the possible reemission, in fact I want to accept them. > > Is this possible ? > > I've try to use the conntrack module but I was not successful. > > BR, > -- > Eric Leblond <eric@xxxxxx> > > -- Bla bla
