Gilad Benjamini wrote:
> Is there a way to match a packet against a connection's direction?
>
> e.g. apply this rule
> iptables -A chain --destination mymachine -m state --state ESTABLISHED
> -j another_chain
> only to packets belonging to CONNECTIONS with destination mymachine
>
> conntrack definitely has this information.

Yes it does, but I don't think anyone has written a match to access it.

Can you give an example of what action another_chain does that you only want to do for one direction? Maybe there is another way to solve your problem.

-
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html