From: Markus Feldmann <feldmann_markus@gmx.de>
To: netfilter@vger.kernel.org
Subject: Re: iptables NEW or SYN
Date: Thu, 13 May 2010 20:45:36 +0200 [thread overview]
Message-ID: <hshhcg$rl3$1@dough.gmane.org> (raw)
In-Reply-To: <AANLkTimpGd4uEnY5UiFQDs1oE6uEji6lbLnUej7eCXoX@mail.gmail.com>
Curby schrieb:
> On Thu, May 13, 2010 at 12:05 PM, Markus Feldmann
> <feldmann_markus@gmx.de> wrote:
>> What are CTs?
>
> Mebbe Conntrack? The basic point that Jan's trying to make is that
> NEW/ESTABLISHED/INVALID/RELATED describes packets as they're seen by
> the connection tracking. It is not necessarily related to whether a
> TCP packet has the SYN flag set.
>
> If a new and valid ICMP ping packet comes in, it's considered NEW by
> conntrack because it's not associated with any other traffic, not is
> it INVALID. That's an example of NEW packets that don't have to be
> TCP SYN.
I try an example and you say whether i am right.
If i meet a girl, which i doesnt meet before, than she is NEW.
When i meet a girl every day which, than she is only new at the first
meet but the meeting is every day a new experience (syn).
Is that correct?
So the state NEW is the sight view of my computer and the syn only
means, there is a foreign computer which wants to establish a new
connection.
Ist that right?
If that is right than i need the --syn argument not the state NEW for my
apache-server.
regards Markus
next prev parent reply other threads:[~2010-05-13 18:45 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-05-13 17:08 iptables NEW or SYN Markus Feldmann
2010-05-13 17:18 ` Jan Engelhardt
2010-05-13 17:42 ` Markus Feldmann
2010-05-13 18:00 ` Markus Feldmann
2010-05-13 18:09 ` Markus Feldmann
2010-05-13 20:09 ` Pascal Hambourg
2010-05-13 20:55 ` Markus Feldmann
2010-05-13 18:05 ` Markus Feldmann
2010-05-13 18:19 ` Curby
2010-05-13 18:45 ` Markus Feldmann [this message]
2010-05-13 19:23 ` Mistick Levi
2010-05-13 21:45 ` Markus Feldmann
2010-05-13 22:46 ` Curby
2010-05-14 0:06 ` Markus Feldmann
2010-05-14 0:23 ` Markus Feldmann
2010-05-14 2:19 ` Markus Feldmann
2010-05-14 6:41 ` Jan Engelhardt
2010-05-14 12:16 ` Markus Feldmann
2010-05-14 5:08 ` Mart Frauenlob
-- strict thread matches above, loose matches on Subject: below --
2010-05-13 13:17 Markus Feldmann
2010-05-13 15:21 ` ratheesh k
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='hshhcg$rl3$1@dough.gmane.org' \
--to=feldmann_markus@gmx.de \
--cc=netfilter@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.