Now that you mention it, it's true that I don't know if the TCP NAT connections are monitored and closed when the TCP connection itself finishes. I sure like it would. However, it means that the NAT would have different behaviour depending on the protocol (IP, UDP, TCP, SCTP). Is that the case? Is it linked to the connection monitoring? I think I'll run some tests tomorrow, trying to open a TCP socket on the same port just after having unauthorised that IP and closed the previous socket.