Maarten Vanraes wrote:
>
> so, even some kind of odd udp reply will still be the same connection if it's
> within 30 seconds?

Not odd. The reply packet has to match the addresses and ports in the original packet (with source and destination swapped).

> so, I can use connmark on not just TCP, but on all protocols?

Not all protocols, but any protocol implementation which behaves in the way expected by conntrack.
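
The matching rule discussed in this message, as an added illustration that is not part of the original e-mail or of netfilter's code: a simplified Python model in which a reply belongs to a tracked flow, and inherits its connmark, only if it carries the original tuple with source and destination swapped and arrives before the entry expires. The names FlowTuple and Conntrack, the sample addresses and the single fixed 30-second timeout are assumptions made for the example.

```python
from dataclasses import dataclass

UDP_TIMEOUT = 30  # seconds; the figure from the thread, assumed fixed in this model


@dataclass(frozen=True)
class FlowTuple:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

    def inverted(self):
        """The tuple a reply must carry: source and destination swapped."""
        return FlowTuple(self.proto, self.dst, self.dport, self.src, self.sport)


class Conntrack:
    """Toy connection table keyed on both directions of each flow."""

    def __init__(self, timeout=UDP_TIMEOUT):
        self.timeout = timeout
        self.table = {}  # tuple (either direction) -> shared entry

    def packet(self, tup, now, set_mark=None):
        """Return (state, connmark) for a packet seen at time `now` (seconds)."""
        entry = self.table.get(tup)
        if entry is not None and now - entry["last_seen"] > self.timeout:
            # Entry expired: forget both directions, the packet starts a new flow.
            for key in (entry["orig"], entry["orig"].inverted()):
                self.table.pop(key, None)
            entry = None
        if entry is None:
            entry = {"orig": tup, "mark": 0, "last_seen": now, "replied": False}
            self.table[tup] = entry
            self.table[tup.inverted()] = entry
        else:
            entry["last_seen"] = now
            if tup != entry["orig"]:
                entry["replied"] = True  # traffic seen in the reply direction
        if set_mark is not None:
            entry["mark"] = set_mark  # the mark lives on the flow, not the packet
        return ("ESTABLISHED" if entry["replied"] else "NEW"), entry["mark"]
```

A reply from a different source port than the one the query was sent to does not match the inverted tuple, so it is tracked as a new flow with no mark.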