'not syn' packets are any TCP packets that don't contain the SYN flag. "NEW" packets are ones for which conntrack cannot find an existing entry in the conntrack table.

Asymmetric routing, routing changes, timeouts, evictions from the table caused by large amounts of traffic... All of these could be reasons why an entry doesn't exist in the table for a non-SYN packet.

--
Paul Evans <paul@xxxxxxxxxxxxx>
Tel: +44 (0) 845 666 7778
Fax: +44 (0) 870 163 4694
http://www.mxtelecom.com
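The causes listed in the message above can be reproduced with a small model of a connection-tracking table. This is an added example, not part of the original message and not netfilter's code; the class name, timeout, table size and sample addresses are all assumptions chosen for illustration.

```python
from collections import OrderedDict

class ConntrackModel:
    """Simplified model of a connection-tracking table, not netfilter's code."""

    def __init__(self, timeout, max_entries):
        self.timeout = timeout          # idle seconds before an entry expires
        self.max_entries = max_entries  # table capacity
        self.table = OrderedDict()      # flow key -> time last seen

    def classify(self, now, src, dst, flags):
        """Return (state, new_not_syn) for a TCP packet seen at time `now`."""
        key = frozenset((src, dst))     # both directions share one entry
        for k in [k for k, seen in self.table.items() if now - seen > self.timeout]:
            del self.table[k]           # timeout
        if key in self.table:
            state = "ESTABLISHED"
        else:
            state = "NEW"
            if len(self.table) >= self.max_entries:
                self.table.popitem(last=False)  # eviction under load
        # Simplification: every flow seen gets (or refreshes) an entry.
        self.table[key] = now
        self.table.move_to_end(key)
        # "not syn" as defined in the message: the SYN flag is absent.
        return state, state == "NEW" and "SYN" not in flags

# Constructed sample endpoints (private and documentation address ranges).
CLIENT, SERVER = ("10.0.0.5", 40000), ("192.0.2.10", 80)
OTHER1, OTHER2 = ("10.0.0.6", 40001), ("10.0.0.7", 40002)

def run_scenarios():
    ct = ConntrackModel(timeout=300, max_entries=2)
    out = {}
    out["syn"] = ct.classify(0, CLIENT, SERVER, {"SYN"})
    out["reply"] = ct.classify(1, SERVER, CLIENT, {"SYN", "ACK"})
    out["after_timeout"] = ct.classify(400, CLIENT, SERVER, {"ACK"})
    ct.classify(401, OTHER1, SERVER, {"SYN"})
    ct.classify(402, OTHER2, SERVER, {"SYN"})   # table full: oldest entry evicted
    out["after_eviction"] = ct.classify(403, CLIENT, SERVER, {"ACK"})
    # Asymmetric routing: a box that never saw the SYN sees a mid-stream packet.
    out["asymmetric"] = ConntrackModel(300, 2).classify(0, SERVER, CLIENT, {"ACK"})
    return out

if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name:15} {result}")
```

In each of the last three scenarios the connection is legitimate, yet the ACK arrives with no matching entry and is classified as NEW without SYN.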