On Wednesday 2005-September-14 06:35, Rob Sterenborg wrote: > Looking at http://www.faqs.org/docs/iptables/traversingoftables.html > a packet uses all tables, but not all chains. A more recent version of the same thing is at http://iptables-tutorial.frozentux.net/chunkyhtml/c951.html However neither version has been updated to include the new raw table, which IIUC breaks that rule. Packets changed in the raw table do bypass the filter table, and perhaps others as well. I'm not using raw yet, thus am not sure of the details. Joerg's response was accurate but might be said to suffer from TCP tunnel vision: SYN is only used in TCP. Connection tracking supports non-TCP protocols as well. -- mail to this address is discarded unless "/dev/rob0" or "not-spam" is in Subject: header
