On Wed, 21 Oct 2009, Leonardo Rodrigues wrote: > recently i have read a nice documentation with some hints for making good > rulesets .... and one caught my attention > > http://jengelh.medozas.de/documents/Perfect_Ruleset.pdf > > Towards the perfect ruleset > Jan Engelhardt > August 2009 > > 5 Modern extensions > De-facto obsolete extensions: > * -m state: replaced by -m conntrack > > i must confess i dont recall reading about state module being obsoleted by > conntrack one ..... is that true ??? I know conntrack has more options .... > but that it obsoleted state, that i dont remember .... Technically the conntrack match supersedes - and so obsoletes - the state match. But practically the state match is not obsoleted in any way. Best regards, Jozsef - E-mail : kadlec@xxxxxxxxxxxxxxxxx, kadlec@xxxxxxxxxxxx PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt Address : KFKI Research Institute for Particle and Nuclear Physics H-1525 Budapest 114, POB. 49, Hungary -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
