NEW is a packet which the firewall did not see before (yes, meeting a new person today).

ESTABLISHED - is a connection that already exists (an open session: meeting a girl on the way to the store (NEW), then meeting her on our way back from the store (ESTABLISHED - we are already familiar)).

SYN is a part of TCP (http://en.wikipedia.org/wiki/Transmission_Control_Protocol - this could help understand better).

The 3-way handshake is done: "SYN" -> "SYN ACK" -> "ACK"
The reply of SYN-ACK transfers the state to ESTABLISHED.

Kind regards
Levi Yechiel

On Thu, May 13, 2010 at 9:45 PM, Markus Feldmann <feldmann_markus@xxxxxx> wrote:
> Curby wrote:
>>
>> On Thu, May 13, 2010 at 12:05 PM, Markus Feldmann
>> <feldmann_markus@xxxxxx> wrote:
>>>
>>> What are CTs?
>>
>> Mebbe Conntrack? The basic point that Jan's trying to make is that
>> NEW/ESTABLISHED/INVALID/RELATED describes packets as they're seen by
>> the connection tracking. It is not necessarily related to whether a
>> TCP packet has the SYN flag set.
>>
>> If a new and valid ICMP ping packet comes in, it's considered NEW by
>> conntrack because it's not associated with any other traffic, nor is
>> it INVALID. That's an example of NEW packets that don't have to be
>> TCP SYN.
>
> I try an example and you say whether I am right.
>
> If I meet a girl whom I didn't meet before, then she is NEW.
> When I meet a girl every day, then she is only new at the first meeting,
> but the meeting is every day a new experience (syn).
>
> Is that correct?
>
> So the state NEW is the sight view of my computer and the syn only means
> there is a foreign computer which wants to establish a new connection.
>
> Is that right?
>
> If that is right then I need the --syn argument, not the state NEW, for my
> apache-server.
>
> regards Markus
>
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
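The distinction discussed in this thread, between the conntrack state NEW and the TCP SYN flag, as an added example that is not part of the original messages and not netfilter's own code. It is a simplified model: `Packet`, `Conntrack`, `matches_syn` and `demo` are hypothetical names, flows are keyed by protocol and addresses only (ports omitted), the `tcp_loose` switch is an assumption modelled on the `nf_conntrack_tcp_loose` sysctl, and the sample packets are constructed.

```python
# Added illustration: a simplified model, not the kernel's conntrack code.
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str                      # "tcp" or "icmp"
    src: str
    dst: str
    flags: frozenset = frozenset()  # TCP flags that are set

class Conntrack:
    def __init__(self, tcp_loose=True):
        self.tcp_loose = tcp_loose  # assumption: models nf_conntrack_tcp_loose
        self.flows = {}             # (proto, initiator, responder) -> reply seen?

    def classify(self, p):
        fwd, rev = (p.proto, p.src, p.dst), (p.proto, p.dst, p.src)
        if rev in self.flows:       # reply direction of a tracked flow
            self.flows[rev] = True
            return "ESTABLISHED"
        if fwd in self.flows:       # original direction: NEW until a reply is seen
            return "ESTABLISHED" if self.flows[fwd] else "NEW"
        # No entry yet: may this packet open one?
        if p.proto == "tcp" and p.flags != {"SYN"}:
            if not (self.tcp_loose and p.flags == {"ACK"}):
                return "INVALID"    # e.g. a stray FIN, RST or SYN-ACK
        self.flows[fwd] = False
        return "NEW"

def matches_syn(p):
    """The test behind iptables `-p tcp --syn`: SYN set, ACK/RST/FIN clear."""
    return p.proto == "tcp" and "SYN" in p.flags and not p.flags & {"ACK", "RST", "FIN"}

def demo(tcp_loose=True):
    """Classify constructed sample packets; returns (label, state, --syn match)."""
    c, s, other = "192.0.2.5", "192.0.2.1", "192.0.2.9"   # constructed addresses
    samples = [
        ("icmp echo",    Packet("icmp", c, s)),
        ("icmp reply",   Packet("icmp", s, c)),
        ("tcp SYN",      Packet("tcp", c, s, frozenset({"SYN"}))),
        ("tcp SYN-ACK",  Packet("tcp", s, c, frozenset({"SYN", "ACK"}))),
        ("tcp ACK",      Packet("tcp", c, s, frozenset({"ACK"}))),
        ("stray ACK",    Packet("tcp", other, s, frozenset({"ACK"}))),
    ]
    ct = Conntrack(tcp_loose)
    return [(label, ct.classify(p), matches_syn(p)) for label, p in samples]

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

In this model the ICMP echo and the stray ACK are both NEW without matching `--syn`, and the stray ACK becomes INVALID when `tcp_loose` is off.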