On Friday 2010-05-14 02:06, Markus Feldmann wrote:
> Thanks for your help,
>
> I changed this at this afternoon today, because otherwise my server is
> not reachable. I changed line 132 and 133 from "state NEW" to the
> iptables argument "--syn".
>
> I have no idea why NEW does not work but --syn.

Just to be wary - some distributions use -i/-o lo -j NOTRACK
in the raw table, which disables state tracking for loopback.

> Question, is a packet still marked as NEW, after it is redirected from
> 80 to 443 ???

It is marked as NEW,DNAT (-m conntrack; -m state won't help you)
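The NOTRACK caveat in the reply can be checked against a saved ruleset. The following is an added example, not part of the original message: it scans `iptables-save` output for raw-table rules that disable connection tracking. The function names and the sample dump are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an iptables-save dump for raw-table rules that
# disable connection tracking (-j NOTRACK, or the newer -j CT --notrack).
# Packets hit by such a rule are UNTRACKED, so "-m state --state NEW"
# in the filter table never matches them, while a plain "--syn" test does.

# Read iptables-save text on stdin; print "<chain> <iface>" per match.
# <iface> is the -i/-o argument, or "any" when the rule names no interface.
untracked_rules() {
    awk '
        /^\*/ { table = substr($1, 2); next }      # "*raw", "*filter", ...
        table != "raw" || $1 != "-A" { next }      # only raw-table rules
        {
            iface = "any"; hit = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-i" || $i == "-o") iface = $(i + 1)
                if ($i == "-j" && $(i + 1) == "NOTRACK") hit = 1
                if ($i == "--notrack") hit = 1
            }
            if (hit) print $2, iface
        }
    '
}

# Constructed sample dump (not taken from the thread).
sample_dump() {
    cat <<'EOF'
*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i lo -j NOTRACK
-A OUTPUT -o lo -j CT --notrack
COMMIT
*filter
:INPUT DROP [0:0]
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# On a live host: iptables-save | untracked_rules
sample_dump | untracked_rules
```

Any interface listed here carries untracked traffic, so state-based accept rules in the filter table will not match it.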