Curby schrieb:
On Thu, May 13, 2010 at 12:05 PM, Markus Feldmann
<feldmann_markus@xxxxxx> wrote:
What are CTs?
Mebbe Conntrack? The basic point that Jan's trying to make is that
NEW/ESTABLISHED/INVALID/RELATED describes packets as they're seen by
the connection tracking. It is not necessarily related to whether a
TCP packet has the SYN flag set.
If a new and valid ICMP ping packet comes in, it's considered NEW by
conntrack because it's not associated with any other traffic, not is
it INVALID. That's an example of NEW packets that don't have to be
TCP SYN.
I try an example and you say whether i am right.
If i meet a girl, which i doesnt meet before, than she is NEW.
When i meet a girl every day which, than she is only new at the first
meet but the meeting is every day a new experience (syn).
Is that correct?
So the state NEW is the sight view of my computer and the syn only
means, there is a foreign computer which wants to establish a new
connection.
Ist that right?
If that is right than i need the --syn argument not the state NEW for my
apache-server.
regards Markus
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
