Mailing List Archive

Re: State module magic
> I have a couple of questions about when, exactly, a state table
> entry is created... first of all, I'm assuming that the state
> module classifies every packet into one of exactly 4 categories,
> NEW, RELATED, ESTABLISHED, and INVALID. If this is incorrect then
> let me know.

Essentially yes. There are more "internal" states that the TCP stuff uses,
but for the rules the packet will fall into one of the above.

> My question is, if I don't invoke the state module on that last
> line there, is it making the state table entry in the way that is
> sensible?

Connection tracking happens anyway at the kernel level - even if you have no
state rules at all the entries are all there (well I believe they are - I've
never actually tried it!) and the table still gets used.

Cheers
Nigel