difference conntrack state

To: debian-firewall@lists.debian.org
Subject: difference conntrack state
From: Frank Remetter <sunnyboyfrank@web.de>
Date: Sat, 19 Feb 2005 02:36:53 +0100
Message-id: <[🔎] 200502190236.53612.sunnyboyfrank@web.de>

Hey,

can somebody tell, what's the difference between the conntrack and the state 
match?
For example in the following two lines:
$IPTABLES -A INPUT -i $INT -s $INT_NET -m state --state ESTABLISHED -j ACCEPT
$IPTABLES -A INPUT -i $INT -s $INT_NET -m conntrack --ctstate ESTABLISHED -j 
ACCEPT

conntrack takes ctproto as option: What protocols can be specified?
Only layer 4 (e.g. tcp) or also layer 7 (e.g. ftp)?

Regards
 Frank

Reply to:

debian-firewall@lists.debian.org
Frank Remetter (on-list)
Frank Remetter (off-list)

Prev by Date: Re: ulogd saves ipaddr as 32 bit int
Next by Date: ip6tables can't initialize any tables
Previous by thread: Re: ulogd saves ipaddr as 32 bit int
Next by thread: ip6tables can't initialize any tables
Index(es):
- Date
- Thread