Re: Matching by packet connection

>Hello,
>
>Gilad Benjamini wrote:
>> Is there a way to match a packet against a connection's direction ?
>>
>> e.g. apply this rule
>> iptables -A chain --destination mymachine -m state --state ESTABLISHED
>> -j another_chain
>> only to packets belonging to CONNECTIONS with destination mymachine
>
>I think the 'conntrack' match is what you need.
>
>-m conntrack --ctorigdst <mymachine> --ctstate ESTABLISHED

This would work in the specific example but not in the more general case.
Suppose my rule is based on interface, port, or any other thing that
does not include the source and/or destination.
I am looking for a more generic approach:
"If a packet matches <condition> and the state is ESTABLISHED and the
packet is in the same direction as the connection, then do
<something>"