On Thursday 2008-04-24 21:24, Pascal Hambourg wrote:
> noa levy wrote:
>>
>> When I add a rule to (or delete a rule from) iptables,
>> while it is running, does that have any effect on the states in the
>> connection tracking table?
>
> No.
>
>> Will the table be flushed?
>
> No.

the conntrack table remains; the fw rule table is atomically exchanged.

>> Are states linked to the rule that allowed the initial packet in [...] ?
>
> No.

(No,) but parameters attached to rules may get reset when loading a new ruleset into the kernel. Now what constitutes an "attached" data portion hm... xt_quota for example stores its quota counter with the rule. xt_recent for example on the other hand stores its data in a separate malloc'ed area that is safe.
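
A pre-reload check for the xt_quota point above, as an added example that is not part of the original message: it scans a dump in `iptables-save` format for rules using the quota match, whose counter is stored with the rule. The function names and the sample dump are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the mailing-list post).
# List rules whose match keeps its state inside the rule itself (quota),
# so loading a new ruleset would reset that state.
# Input: iptables-save format on stdin.
# Output: one line per hit: "<table> <chain> <rule number> quota=<value>".
rules_with_rule_state() {
    awk '
        /^\*/ {                       # "*filter" starts a new table
            table = substr($0, 2)
            split("", idx)            # reset per-chain rule counters
            next
        }
        /^-A / {
            chain = $2
            idx[chain]++              # position of this rule in its chain
            for (i = 3; i < NF; i++) {
                if ($i == "--quota") {
                    printf "%s %s %d quota=%s\n", table, chain, idx[chain], $(i + 1)
                }
            }
        }
    '
}

# Constructed sample dump. The "recent" rule is deliberately not reported:
# per the message above, xt_recent keeps its data outside the rule.
sample_dump() {
    cat <<'EOF'
# constructed sample in iptables-save format
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -m recent --set --name ssh --rsource
-A INPUT -p tcp -m tcp --dport 80 -m quota --quota 1048576 -j ACCEPT
-A FORWARD -m quota --quota 5000000 -j ACCEPT
COMMIT
EOF
}

# On a live host (root required): iptables-save | rules_with_rule_state
sample_dump | rules_with_rule_state
```

Any rule this reports should be reviewed before the ruleset is replaced, since its quota state is attached to the rule being swapped out.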