On Thu, May 13, 2010 at 12:05 PM, Markus Feldmann <feldmann_markus@xxxxxx> wrote:
> What are CTs? Mebbe Conntrack?

The basic point that Jan's trying to make is that NEW/ESTABLISHED/INVALID/RELATED describes packets as they're seen by the connection tracking. It is not necessarily related to whether a TCP packet has the SYN flag set.

If a new and valid ICMP ping packet comes in, it's considered NEW by conntrack because it's not associated with any other traffic, nor is it INVALID. That's an example of NEW packets that don't have to be TCP SYN.

--Mike
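The distinction made in the message above, as an added example that is not part of the original post: a simplified Python model (not kernel code) of how connection tracking labels packets, run over constructed traffic. It goes beyond the ICMP case to show a bare TCP ACK being picked up as NEW; the `ToyConntrack` class, the sample addresses, and the `tcp_loose` switch (modelled on the `nf_conntrack_tcp_loose` sysctl) are assumptions of this sketch.

```python
from collections import namedtuple

# sport/dport carry the echo id for ICMP; flags are TCP flags (assumed layout).
Packet = namedtuple("Packet", "proto src dst sport dport flags icmp_type",
                    defaults=(0, 0, frozenset(), ""))

class ToyConntrack:
    """Simplified model of conntrack state labelling; not kernel code."""
    def __init__(self, tcp_loose=True):   # models nf_conntrack_tcp_loose
        self.tcp_loose = tcp_loose
        self.flows = {}                   # original-direction tuple -> reply seen?

    def _may_open(self, p):               # may this packet create a flow entry?
        if p.proto == "icmp":
            return p.icmp_type == "echo-request"
        if p.proto != "tcp":
            return True                   # UDP: any first packet
        if p.flags & {"RST", "FIN"}:
            return False
        if "SYN" in p.flags:
            return "ACK" not in p.flags   # bare SYN opens, SYN/ACK does not
        return "ACK" in p.flags and self.tcp_loose   # mid-stream pickup

    def classify(self, p):
        if p.proto == "tcp" and (not p.flags or {"SYN", "FIN"} <= p.flags):
            return "INVALID"              # impossible flag combinations
        fwd = (p.proto, p.src, p.dst, p.sport, p.dport)
        rev = (p.proto, p.dst, p.src, p.dport, p.sport)
        if rev in self.flows:
            self.flows[rev] = True        # reply direction has now been seen
            return "ESTABLISHED"
        if fwd in self.flows:
            return "ESTABLISHED" if self.flows[fwd] else "NEW"
        if not self._may_open(p):
            return "INVALID"
        self.flows[fwd] = False
        return "NEW"

A, B = "192.0.2.10", "198.51.100.1"      # constructed sample traffic
SAMPLE = [
    Packet("icmp", A, B, 7, 7, icmp_type="echo-request"),
    Packet("icmp", B, A, 7, 7, icmp_type="echo-reply"),
    Packet("tcp", A, B, 40000, 22, frozenset({"SYN"})),
    Packet("tcp", A, B, 40001, 22, frozenset({"ACK"})),
    Packet("udp", A, B, 5353, 53),
]

def states(packets, tcp_loose=True):
    ct = ToyConntrack(tcp_loose)
    return [ct.classify(p) for p in packets]
```

In this model four of the five sample packets are NEW and only one of them is a TCP SYN, so a rule that should admit only TCP connection attempts needs to match the SYN flag as well as the NEW state.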