Quick one: Does the state match 'INVALID' include tcp connections in an invalid state (e.g. fin when there is no valid connection, rst without a valid connection etc)?

The man entry "Possible states are INVALID meaning that the packet could not be identified for some reason which includes running out of memory and ICMP errors which don't correspond to any known connection," doesn't really clarify whether it will or will not...

(I know I can easily set up a test to prove it but just about to leave for the day and just struck me I didn't know the answer)

--
Richard Horton
Users are like a virus: Each causing a thousand tiny crises until the host finally dies.
http://www.solstans.co.uk - Solstans Japanese Bobtails and Norwegian Forest Cats
http://www.pbase.com/arimus - My online photogallery