Re: matching the first packet of a connection

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Thomas Jones schrieb: 
Eric Leblond wrote:


Hi,

I'm trying to match the first packet of a connection : for a TCP
connection I want to match the first SYN packet received by the firewall
and ignore the possible reemission, in fact I want to accept them.

Is this possible ?

I've try to use the conntrack module but I was not successful.

BR,



The "tcp filter" Table Match Operations provide:

-p tcp --syn

Thomas


or something like this:
-p tcp --tcp-flags ALL SYN -m state --state NEW


[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux